// Joomla core vulnerabilities
var vulns = Array (
["Joomla! Core 3.4.x Cross-Site Scripting","3.4.0","3.4.3","Joomla! Core is prone to a cross-site scripting vulnerability because it fails to properly sanitize user-supplied input. An attacker may leverage this issue to execute arbitrary script code in the browser of an unsuspecting user in the context of the affected site. This can allow the attacker to steal cookie-based authentication credentials and launch other attacks. Joomla! Core versions 3.4.x ranging from 3.4.0 and up to and including 3.4.3 are vulnerable.","https://github.com/poc-lab/exp/blob/master/CVE-2015-6939","https://packetstormsecurity.com/files/133907/Joomla-CMS-3.4.3-Cross-Site-Scripting.html","https://developer.joomla.org/security-centre/626-20150908-core-xss-vulnerability.html","","","CVE-2015-6939","CWE-79","AV:N/AC:M/Au:N/C:N/I:P/A:N/E:POC/RL:OF/RC:C","","Update to Joomla! Core version 3.4.4 or latest","10/14/2015"],
["Joomla! Core 3.x.x Cross-Site Request Forgery","3.2.0","3.4.1","Joomla! Core is prone to a cross-site request forgery vulnerability. Exploiting this issue may allow a remote attacker to perform certain administrative actions and gain unauthorized access to the affected application; other attacks are also possible. Joomla! Core versions 3.x.x ranging from 3.2.0 and up to and including 3.4.1 are vulnerable.","https://developer.joomla.org/security-centre/618-20150602-core-remote-code-execution.html","","","","","CVE-2015-5397","CWE-352","AV:N/AC:M/Au:N/C:P/I:P/A:P/E:H/RL:OF/RC:C","","Update to Joomla! Core version 3.4.2 or latest","10/14/2015"],
["Joomla! Core 3.x.x Open Redirect","3.0.0","3.4.1","Joomla! Core is prone to an open redirect vulnerability because the application fails to properly verify user-supplied input. Exploiting this issue may allow attackers to redirect users to arbitrary web sites and conduct phishing attacks; other attacks are also possible. Joomla! Core versions 3.x.x ranging from 3.0.0 and up to and including 3.4.1 are vulnerable.","https://developer.joomla.org/security-centre/617-20150601-core-open-redirect.html","","","","","CVE-2015-5608","CWE-601","AV:N/AC:L/Au:N/C:P/I:N/A:N/E:H/RL:OF/RC:C","","Update to Joomla! Core version 3.4.2 or latest","10/14/2015"],
["Joomla! Core 2.5.x Denial of Service","2.5.4","2.5.25","Joomla! Core is prone to a Denial of Service vulnerability. Exploiting this issue may allow an attacker to cause the affected website to consume memory and CPU resources, thus denying service to legitimate users. Joomla! Core versions 2.5.x ranging from 2.5.4 and up to and including 2.5.25 are vulnerable.","https://developer.joomla.org/security/596-20140904-core-denial-of-service.html","","","","","CVE-2014-7229","CWE-400","AV:N/AC:L/Au:N/C:N/I:N/A:P/E:H/RL:OF/RC:C","","Update to Joomla! Core version 2.5.26 or latest","10/14/2015"],
["Joomla! Core 3.x.x Denial of Service","3.0.0","3.2.5","Joomla! Core is prone to a Denial of Service vulnerability. Exploiting this issue may allow an attacker to cause the affected website to consume memory and CPU resources, thus denying service to legitimate users. Joomla! Core versions 3.x.x ranging from 3.0.0 and up to and including 3.2.5 are vulnerable.","https://developer.joomla.org/security/596-20140904-core-denial-of-service.html","","","","","CVE-2014-7229","CWE-400","AV:N/AC:L/Au:N/C:N/I:N/A:P/E:H/RL:OF/RC:C","","Update to Joomla! Core version 3.2.6 or latest","10/14/2015"],
["Joomla! Core 3.3.x Denial of Service","3.3.0","3.3.4","Joomla! Core is prone to a Denial of Service vulnerability. Exploiting this issue may allow an attacker to cause the affected website to consume memory and CPU resources, thus denying service to legitimate users. Joomla! Core versions 3.3.x ranging from 3.3.0 and up to and including 3.3.4 are vulnerable.","https://developer.joomla.org/security/596-20140904-core-denial-of-service.html","","","","","CVE-2014-7229","CWE-400","AV:N/AC:L/Au:N/C:N/I:N/A:P/E:H/RL:OF/RC:C","","Update to Joomla! Core version 3.3.5 or latest","10/14/2015"],
["Joomla! Core 2.5.x Remote File Inclusion","2.5.4","2.5.25","Joomla! Core is prone to a remote file inclusion vulnerability because it fails to properly verify user-supplied input. An attacker can exploit this issue to include arbitrary remote files containing malicious PHP code and execute it in the context of the webserver process. This may allow the attacker to compromise the application and to gain access to the underlying system. Joomla! Core versions 2.5.x ranging from 2.5.4 and up to and including 2.5.25 are vulnerable.","https://websec.wordpress.com/2014/10/05/joomla-3-3-4-akeeba-kickstart-remote-code-execution-cve-2014-7228/","https://www.exploit-db.com/exploits/35033/","https://www.akeebabackup.com/home/news/1605-security-update-sep-2014.html","https://developer.joomla.org/security/595-20140903-core-remote-file-inclusion.html","","CVE-2014-7228","CWE-94","AV:N/AC:H/Au:N/C:P/I:P/A:P/E:H/RL:OF/RC:C","","Update to Joomla! Core version 2.5.26 or latest","10/14/2015"],
["Joomla! Core 3.x.x Remote File Inclusion","3.0.0","3.2.5","Joomla! Core is prone to a remote file inclusion vulnerability because it fails to properly verify user-supplied input. An attacker can exploit this issue to include arbitrary remote files containing malicious PHP code and execute it in the context of the webserver process. This may allow the attacker to compromise the application and to gain access to the underlying system. Joomla! Core versions 3.x.x ranging from 3.0.0 and up to and including 3.2.5 are vulnerable.","https://websec.wordpress.com/2014/10/05/joomla-3-3-4-akeeba-kickstart-remote-code-execution-cve-2014-7228/","https://www.exploit-db.com/exploits/35033/","https://www.akeebabackup.com/home/news/1605-security-update-sep-2014.html","https://developer.joomla.org/security/595-20140903-core-remote-file-inclusion.html","","CVE-2014-7228","CWE-94","AV:N/AC:H/Au:N/C:P/I:P/A:P/E:H/RL:OF/RC:C","","Update to Joomla! Core version 3.2.6 or latest","10/14/2015"],
["Joomla! Core 3.3.x Remote File Inclusion","3.3.0","3.3.4","Joomla! Core is prone to a remote file inclusion vulnerability because it fails to properly verify user-supplied input. An attacker can exploit this issue to include arbitrary remote files containing malicious PHP code and execute it in the context of the webserver process. This may allow the attacker to compromise the application and to gain access to the underlying system. Joomla! Core versions 3.3.x ranging from 3.3.0 and up to and including 3.3.4 are vulnerable.","https://websec.wordpress.com/2014/10/05/joomla-3-3-4-akeeba-kickstart-remote-code-execution-cve-2014-7228/","https://www.exploit-db.com/exploits/35033/","https://www.akeebabackup.com/home/news/1605-security-update-sep-2014.html","https://developer.joomla.org/security/595-20140903-core-remote-file-inclusion.html","","CVE-2014-7228","CWE-94","AV:N/AC:H/Au:N/C:P/I:P/A:P/E:H/RL:OF/RC:C","","Update to Joomla! Core version 3.3.5 or latest","10/14/2015"],
["Joomla! Core 2.5.x Security Bypass","2.5.0","2.5.24","Joomla! Core is prone to a security bypass vulnerability. Exploiting this issue may allow attackers to perform otherwise restricted actions and subsequently bypass intended access restrictions via vectors involving LDAP authentication. Joomla! Core versions 2.5.x ranging from 2.5.0 and up to and including 2.5.24 are vulnerable.","https://developer.joomla.org/security/594-20140902-core-unauthorised-logins.html","","","","","CVE-2014-6632","CWE-264","AV:N/AC:L/Au:N/C:P/I:P/A:P/E:H/RL:OF/RC:C","","Update to Joomla! Core version 2.5.25 or latest","10/15/2015"],
["Joomla! Core 3.x.x Security Bypass","3.0.0","3.2.4","Joomla! Core is prone to a security bypass vulnerability. Exploiting this issue may allow attackers to perform otherwise restricted actions and subsequently bypass intended access restrictions via vectors involving LDAP authentication. Joomla! Core versions 3.x.x ranging from 3.0.0 and up to and including 3.2.4 are vulnerable.","https://developer.joomla.org/security/594-20140902-core-unauthorised-logins.html","","","","","CVE-2014-6632","CWE-264","AV:N/AC:L/Au:N/C:P/I:P/A:P/E:H/RL:OF/RC:C","","Update to Joomla! Core version 3.2.5 or latest","10/15/2015"],
["Joomla! Core 3.3.x Security Bypass","3.3.0","3.3.3","Joomla! Core is prone to a security bypass vulnerability. Exploiting this issue may allow attackers to perform otherwise restricted actions and subsequently bypass intended access restrictions via vectors involving LDAP authentication. Joomla! Core versions 3.3.x ranging from 3.3.0 and up to and including 3.3.3 are vulnerable.","https://developer.joomla.org/security/594-20140902-core-unauthorised-logins.html","","","","","CVE-2014-6632","CWE-264","AV:N/AC:L/Au:N/C:P/I:P/A:P/E:H/RL:OF/RC:C","","Update to Joomla! Core version 3.3.4 or latest","10/15/2015"],
["Joomla! Core 3.2.x Cross-Site Scripting","3.2.0","3.2.4","Joomla! Core is prone to a cross-site scripting vulnerability because it fails to properly sanitize user-supplied input. An attacker may leverage this issue to execute arbitrary script code in the browser of an unsuspecting user in the context of the affected site. This can allow the attacker to steal cookie-based authentication credentials and launch other attacks. Joomla! Core versions 3.2.x ranging from 3.2.0 and up to and including 3.2.4 are vulnerable.","https://community.qualys.com/blogs/securitylabs/2014/10/09/joomla-vulnerability-cve-2014-6631-qualys-web-application-scanning","https://developer.joomla.org/security/593-20140901-core-xss-vulnerability.html","","","","CVE-2014-6631","CWE-79","AV:N/AC:M/Au:N/C:N/I:P/A:N/E:POC/RL:OF/RC:C","","Update to Joomla! Core version 3.2.5 or latest","10/15/2015"],
["Joomla! Core 3.3.x Cross-Site Scripting","3.3.0","3.3.3","Joomla! Core is prone to a cross-site scripting vulnerability because it fails to properly sanitize user-supplied input. An attacker may leverage this issue to execute arbitrary script code in the browser of an unsuspecting user in the context of the affected site. This can allow the attacker to steal cookie-based authentication credentials and launch other attacks. Joomla! Core versions 3.3.x ranging from 3.3.0 and up to and including 3.3.3 are vulnerable.","https://community.qualys.com/blogs/securitylabs/2014/10/09/joomla-vulnerability-cve-2014-6631-qualys-web-application-scanning","https://developer.joomla.org/security/593-20140901-core-xss-vulnerability.html","","","","CVE-2014-6631","CWE-79","AV:N/AC:M/Au:N/C:N/I:P/A:N/E:POC/RL:OF/RC:C","","Update to Joomla! Core version 3.3.4 or latest","10/15/2015"],
["Joomla! Core 3.x.x SQL Injection","3.1.0","3.2.2","Joomla! Core is prone to an SQL injection vulnerability because it fails to sufficiently sanitize user-supplied data before using it in an SQL query. Exploiting this issue could allow an attacker to compromise the application, access or modify data, or exploit latent vulnerabilities in the underlying database. Joomla! Core versions 3.x.x ranging from 3.1.0 and up to and including 3.2.2 are vulnerable.","https://www.exploit-db.com/exploits/31459/","http://hauntit.blogspot.ro/2014/05/how-i-meet-your-joomla-322-sql-injection.html","https://developer.joomla.org/security/578-20140301-core-sql-injection.html","","","CVE-2014-7981","CWE-89","AV:N/AC:L/Au:N/C:P/I:P/A:P/E:POC/RL:OF/RC:C","","Update to Joomla! Core version 3.2.3 or latest","10/15/2015"],
["Joomla! Core 3.x.x Cross-Site Scripting","3.1.2","3.2.2","Joomla! Core is prone to a cross-site scripting vulnerability because it fails to properly sanitize user-supplied input. An attacker may leverage this issue to execute arbitrary script code in the browser of an unsuspecting user in the context of the affected site. This can allow the attacker to steal cookie-based authentication credentials and launch other attacks. Joomla! Core versions 3.x.x ranging from 3.1.2 and up to and including 3.2.2 are vulnerable.","https://developer.joomla.org/security-centre/579-20140302-core-xss-vulnerability.html","","","","","CVE-2014-7983","CWE-79","AV:N/AC:M/Au:N/C:N/I:P/A:N/E:H/RL:OF/RC:C","","Update to Joomla! Core version 3.2.3 or latest","10/15/2015"],
["Joomla! Core 2.5.x Cross-Site Scripting","2.5.0","2.5.18","Joomla! Core is prone to a cross-site scripting vulnerability because it fails to properly sanitize user-supplied input. An attacker may leverage this issue to execute arbitrary script code in the browser of an unsuspecting user in the context of the affected site. This can allow the attacker to steal cookie-based authentication credentials and launch other attacks. Joomla! Core versions 2.5.x ranging from 2.5.0 and up to and including 2.5.18 are vulnerable.","https://developer.joomla.org/security-centre/580-20140303-core-xss-vulnerability.html","","","","","CVE-2014-7982","CWE-79","AV:N/AC:M/Au:N/C:N/I:P/A:N/E:H/RL:OF/RC:C","","Update to Joomla! Core version 2.5.19 or latest","10/15/2015"],
["Joomla! Core 3.x.x Cross-Site Scripting","3.0.0","3.2.2","Joomla! Core is prone to a cross-site scripting vulnerability because it fails to properly sanitize user-supplied input. An attacker may leverage this issue to execute arbitrary script code in the browser of an unsuspecting user in the context of the affected site. This can allow the attacker to steal cookie-based authentication credentials and launch other attacks. Joomla! Core versions 3.x.x ranging from 3.0.0 and up to and including 3.2.2 are vulnerable.","https://developer.joomla.org/security-centre/580-20140303-core-xss-vulnerability.html","","","","","CVE-2014-7982","CWE-79","AV:N/AC:M/Au:N/C:N/I:P/A:N/E:H/RL:OF/RC:C","","Update to Joomla! Core version 3.2.3 or latest","10/15/2015"],
["Joomla! Core 2.5.x Security Bypass","2.5.0","2.5.18","Joomla! Core is prone to a security bypass vulnerability. Exploiting this issue may allow attackers to perform otherwise restricted actions and subsequently bypass intended access restrictions via vectors involving GMail authentication. Joomla! Core versions 2.5.x ranging from 2.5.0 and up to and including 2.5.18 are vulnerable.","https://developer.joomla.org/security-centre/581-20140304-core-unauthorised-logins.html","","","","","CVE-2014-7984","CWE-264","AV:N/AC:L/Au:N/C:P/I:P/A:P/E:H/RL:OF/RC:C","","Update to Joomla! Core version 2.5.19 or latest","10/15/2015"],
["Joomla! Core 3.x.x Security Bypass","3.0.0","3.2.2","Joomla! Core is prone to a security bypass vulnerability. Exploiting this issue may allow attackers to perform otherwise restricted actions and subsequently bypass intended access restrictions via vectors involving GMail authentication. Joomla! Core versions 3.x.x ranging from 3.0.0 and up to and including 3.2.2 are vulnerable.","https://developer.joomla.org/security-centre/581-20140304-core-unauthorised-logins.html","","","","","CVE-2014-7984","CWE-264","AV:N/AC:L/Au:N/C:P/I:P/A:P/E:H/RL:OF/RC:C","","Update to Joomla! Core version 3.2.3 or latest","10/15/2015"],
["Joomla! Core 2.5.x Cross-Site Scripting","2.5.0","2.5.14","Joomla! Core is prone to a cross-site scripting vulnerability because it fails to properly sanitize user-supplied input. An attacker may leverage this issue to execute arbitrary script code in the browser of an unsuspecting user in the context of the affected site. This can allow the attacker to steal cookie-based authentication credentials and launch other attacks. Joomla! Core versions 2.5.x ranging from 2.5.0 and up to and including 2.5.14 are vulnerable.","https://osandamalith.wordpress.com/2014/02/01/my-joomla-xss-0days/","https://developer.joomla.org/security/news/572-20131103-core-xss-vulnerability","https://developer.joomla.org/security/news/571-20131102-core-xss-vulnerability","https://developer.joomla.org/security/news/570-20131101-core-xss-vulnerability","","","CWE-79","AV:N/AC:M/Au:S/C:N/I:P/A:N/E:POC/RL:OF/RC:C","CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N","Update to Joomla! Core version 2.5.16 or latest","10/15/2015"],
["Joomla! Core 3.x.x Cross-Site Scripting","3.0.0","3.1.5","Joomla! Core is prone to a cross-site scripting vulnerability because it fails to properly sanitize user-supplied input. An attacker may leverage this issue to execute arbitrary script code in the browser of an unsuspecting user in the context of the affected site. This can allow the attacker to steal cookie-based authentication credentials and launch other attacks. Joomla! Core versions 3.x.x ranging from 3.0.0 and up to and including 3.1.5 are vulnerable.","https://osandamalith.wordpress.com/2014/02/01/my-joomla-xss-0days/","https://developer.joomla.org/security/news/572-20131103-core-xss-vulnerability","https://developer.joomla.org/security/news/571-20131102-core-xss-vulnerability","https://developer.joomla.org/security/news/570-20131101-core-xss-vulnerability","","","CWE-79","AV:N/AC:M/Au:S/C:N/I:P/A:N/E:POC/RL:OF/RC:C","CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N","Update to Joomla! Core version 3.1.6 or latest","10/15/2015"],
["Joomla! Core 2.5.x Arbitrary File Upload","2.5.0","2.5.13","Joomla! Core is prone to a vulnerability that lets attackers upload arbitrary files because the application fails to properly verify user-supplied input. An attacker can exploit this vulnerability to upload arbitrary code and run it in the context of the webserver process. This may facilitate unauthorized access or privilege escalation; other attacks are also possible. Joomla! Core versions 2.5.x ranging from 2.5.0 and up to and including 2.5.13 are vulnerable.","http://niiconsulting.com/checkmate/2013/08/critical-joomla-file-upload-vulnerability/","https://www.exploit-db.com/exploits/27610/","https://developer.joomla.org/security/news/563-20130801-core-unauthorised-uploads","","","CVE-2013-5576","CWE-434","AV:N/AC:L/Au:N/C:C/I:C/A:C/E:POC/RL:OF/RC:C","","Update to Joomla! Core version 2.5.14 or latest","10/16/2015"],
["Joomla! Core 3.x.x Arbitrary File Upload","3.0.0","3.1.4","Joomla! Core is prone to a vulnerability that lets attackers upload arbitrary files because the application fails to properly verify user-supplied input. An attacker can exploit this vulnerability to upload arbitrary code and run it in the context of the webserver process. This may facilitate unauthorized access or privilege escalation; other attacks are also possible. Joomla! Core versions 3.x.x ranging from 3.0.0 and up to and including 3.1.4 are vulnerable.","http://niiconsulting.com/checkmate/2013/08/critical-joomla-file-upload-vulnerability/","https://www.exploit-db.com/exploits/27610/","https://developer.joomla.org/security/news/563-20130801-core-unauthorised-uploads","","","CVE-2013-5576","CWE-434","AV:N/AC:L/Au:N/C:C/I:C/A:C/E:POC/RL:OF/RC:C","","Update to Joomla! Core version 3.1.5 or latest","10/16/2015"],
["Joomla! Core 2.5.x Cross-Site Scripting","2.5.0","2.5.9","Joomla! Core is prone to a cross-site scripting vulnerability because it fails to properly sanitize user-supplied input. An attacker may leverage this issue to execute arbitrary script code in the browser of an unsuspecting user in the context of the affected site. This can allow the attacker to steal cookie-based authentication credentials and launch other attacks. Joomla! Core versions 2.5.x ranging from 2.5.0 and up to and including 2.5.9 are vulnerable.","https://developer.joomla.org/security/80-20130405-core-xss-vulnerability.html","","","","","CVE-2013-3059","CWE-79","AV:N/AC:M/Au:N/C:N/I:P/A:N/E:H/RL:OF/RC:C","CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N","Update to Joomla! Core version 2.5.10 or latest","10/21/2015"],
["Joomla! Core 3.0.x Cross-Site Scripting","3.0.0","3.0.3","Joomla! Core is prone to a cross-site scripting vulnerability because it fails to properly sanitize user-supplied input. An attacker may leverage this issue to execute arbitrary script code in the browser of an unsuspecting user in the context of the affected site. This can allow the attacker to steal cookie-based authentication credentials and launch other attacks. Joomla! Core versions 3.0.x ranging from 3.0.0 and up to and including 3.0.3 are vulnerable.","https://developer.joomla.org/security/80-20130405-core-xss-vulnerability.html","","","","","CVE-2013-3059","CWE-79","AV:N/AC:M/Au:N/C:N/I:P/A:N/E:H/RL:OF/RC:C","CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N","Update to Joomla! Core version 3.0.4 or latest","10/21/2015"],
["Joomla! Core 2.5.x Cross-Site Scripting","2.5.0","2.5.9","Joomla! Core is prone to a cross-site scripting vulnerability because it fails to properly sanitize user-supplied input. An attacker may leverage this issue to execute arbitrary script code in the browser of an unsuspecting user in the context of the affected site. This can allow the attacker to steal cookie-based authentication credentials and launch other attacks. Joomla! Core versions 2.5.x ranging from 2.5.0 and up to and including 2.5.9 are vulnerable.","https://www.trustwave.com/Resources/SpiderLabs-Blog/Exploiting-Serialized-XSS-in-Joomla!-(return-of-the-undead-CVE)/","http://dzlnly.blogspot.ro/2013/08/joomla-cve-2013-3267.html","https://developer.joomla.org/security/86-20130407-core-xss-vulnerability.html","","","CVE-2013-3267","CWE-79","AV:N/AC:M/Au:N/C:N/I:P/A:N/E:POC/RL:OF/RC:C","CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N","Update to Joomla! Core version 2.5.10 or latest","10/21/2015"],
["Joomla! Core 3.0.x Cross-Site Scripting","3.0.0","3.0.3","Joomla! Core is prone to a cross-site scripting vulnerability because it fails to properly sanitize user-supplied input. An attacker may leverage this issue to execute arbitrary script code in the browser of an unsuspecting user in the context of the affected site. This can allow the attacker to steal cookie-based authentication credentials and launch other attacks. Joomla! Core versions 3.0.x ranging from 3.0.0 and up to and including 3.0.3 are vulnerable.","https://www.trustwave.com/Resources/SpiderLabs-Blog/Exploiting-Serialized-XSS-in-Joomla!-(return-of-the-undead-CVE)/","http://dzlnly.blogspot.ro/2013/08/joomla-cve-2013-3267.html","https://developer.joomla.org/security/86-20130407-core-xss-vulnerability.html","","","CVE-2013-3267","CWE-79","AV:N/AC:M/Au:N/C:N/I:P/A:N/E:POC/RL:OF/RC:C","CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N","Update to Joomla! Core version 3.0.4 or latest","10/21/2015"],
["Joomla! Core 2.5.x Denial of Service","2.5.0","2.5.9","Joomla! Core is prone to a Denial of Service vulnerability. Exploiting this issue may allow an attacker to cause the affected website to consume memory and CPU resources, thus denying service to legitimate users. Joomla! Core versions 2.5.x ranging from 2.5.0 and up to and including 2.5.9 are vulnerable.","http://karmainsecurity.com/KIS-2013-04","https://www.exploit-db.com/exploits/25087/","https://developer.joomla.org/security/85-20130406-core-dos-vulnerability.html","","","CVE-2013-3242","CWE-400","AV:N/AC:L/Au:S/C:N/I:N/A:P/E:H/RL:OF/RC:C","","Update to Joomla! Core version 2.5.10 or latest","10/21/2015"],
["Joomla! Core 3.0.x Denial of Service","3.0.0","3.0.3","Joomla! Core is prone to a Denial of Service vulnerability. Exploiting this issue may allow an attacker to cause the affected website to consume memory and CPU resources, thus denying service to legitimate users. Joomla! Core versions 3.0.x ranging from 3.0.0 and up to and including 3.0.3 are vulnerable.","http://karmainsecurity.com/KIS-2013-04","https://www.exploit-db.com/exploits/25087/","https://developer.joomla.org/security/85-20130406-core-dos-vulnerability.html","","","CVE-2013-3242","CWE-400","AV:N/AC:L/Au:S/C:N/I:N/A:P/E:H/RL:OF/RC:C","","Update to Joomla! Core version 3.0.4 or latest","10/21/2015"],
["Joomla! Core 2.5.x Cross-Site Scripting","2.5.0","2.5.9","Joomla! Core is prone to a cross-site scripting vulnerability because it fails to properly sanitize user-supplied input. An attacker may leverage this issue to execute arbitrary script code in the browser of an unsuspecting user in the context of the affected site. This can allow the attacker to steal cookie-based authentication credentials and launch other attacks. Joomla! Core versions 2.5.x ranging from 2.5.0 and up to and including 2.5.9 are vulnerable.","https://developer.joomla.org/security/83-20130404-core-xss-vulnerability.html","","","","","","CWE-79","AV:N/AC:M/Au:N/C:N/I:P/A:N/E:H/RL:OF/RC:C","CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N","Update to Joomla! Core version 2.5.10 or latest","10/21/2015"],
["Joomla! Core 3.0.x Cross-Site Scripting","3.0.0","3.0.3","Joomla! Core is prone to a cross-site scripting vulnerability because it fails to properly sanitize user-supplied input. An attacker may leverage this issue to execute arbitrary script code in the browser of an unsuspecting user in the context of the affected site. This can allow the attacker to steal cookie-based authentication credentials and launch other attacks. Joomla! Core versions 3.0.x ranging from 3.0.0 and up to and including 3.0.3 are vulnerable.","https://developer.joomla.org/security/83-20130404-core-xss-vulnerability.html","","","","","","CWE-79","AV:N/AC:M/Au:N/C:N/I:P/A:N/E:H/RL:OF/RC:C","CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N","Update to Joomla! Core version 3.0.4 or latest","10/21/2015"],
["Joomla! Core 2.5.x Cross-Site Scripting","2.5.0","2.5.9","Joomla! Core is prone to a cross-site scripting vulnerability because it fails to properly sanitize user-supplied input. An attacker may leverage this issue to execute arbitrary script code in the browser of an unsuspecting user in the context of the affected site. This can allow the attacker to steal cookie-based authentication credentials and launch other attacks. Joomla! Core versions 2.5.x ranging from 2.5.0 and up to and including 2.5.9 are vulnerable.","https://developer.joomla.org/security/81-20130403-core-xss-vulnerability.html","","","","","CVE-2013-3058","CWE-79","AV:N/AC:M/Au:N/C:N/I:P/A:N/E:H/RL:OF/RC:C","CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N","Update to Joomla! Core version 2.5.10 or latest","10/21/2015"],
["Joomla! Core 3.0.x Cross-Site Scripting","3.0.0","3.0.3","Joomla! Core is prone to a cross-site scripting vulnerability because it fails to properly sanitize user-supplied input. An attacker may leverage this issue to execute arbitrary script code in the browser of an unsuspecting user in the context of the affected site. This can allow the attacker to steal cookie-based authentication credentials and launch other attacks. Joomla! Core versions 3.0.x ranging from 3.0.0 and up to and including 3.0.3 are vulnerable.","https://developer.joomla.org/security/81-20130403-core-xss-vulnerability.html","","","","","CVE-2013-3058","CWE-79","AV:N/AC:M/Au:N/C:N/I:P/A:N/E:H/RL:OF/RC:C","CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N","Update to Joomla! Core version 3.0.4 or latest","10/21/2015"],
["Joomla! Core 2.5.x Information Disclosure","2.5.0","2.5.9","Joomla! Core is prone to an information disclosure vulnerability. Attackers can exploit this issue to obtain sensitive information that may help in launching further attacks. Joomla! Core versions 2.5.x ranging from 2.5.0 and up to and including 2.5.9 are vulnerable.","https://developer.joomla.org/security/82-20130402-core-information-disclosure.html","","","","","CVE-2013-3057","CWE-200","AV:N/AC:L/Au:N/C:P/I:N/A:N/E:H/RL:OF/RC:C","","Update to Joomla! Core version 2.5.10 or latest","10/21/2015"],
["Joomla! Core 3.0.x Information Disclosure","3.0.0","3.0.3","Joomla! Core is prone to an information disclosure vulnerability. Attackers can exploit this issue to obtain sensitive information that may help in launching further attacks. Joomla! Core versions 3.0.x ranging from 3.0.0 and up to and including 3.0.3 are vulnerable.","https://developer.joomla.org/security/82-20130402-core-information-disclosure.html","","","","","CVE-2013-3057","CWE-200","AV:N/AC:L/Au:N/C:P/I:N/A:N/E:H/RL:OF/RC:C","","Update to Joomla! Core version 3.0.4 or latest","10/21/2015"],
["Joomla! Core 2.5.x Security Bypass","2.5.0","2.5.9","Joomla! Core is prone to a security bypass vulnerability. Exploiting this issue may allow attackers to perform otherwise restricted actions and subsequently delete private messages. Joomla! Core versions 2.5.x ranging from 2.5.0 and up to and including 2.5.9 are vulnerable.","https://developer.joomla.org/security/84-20130401-core-privilege-escalation.html","","","","","CVE-2013-3056","CWE-264","AV:N/AC:L/Au:N/C:N/I:N/A:P/E:H/RL:OF/RC:C","","Update to Joomla! Core version 2.5.10 or latest","10/21/2015"],
["Joomla! Core 3.0.x Security Bypass","3.0.0","3.0.3","Joomla! Core is prone to a security bypass vulnerability. Exploiting this issue may allow attackers to perform otherwise restricted actions and subsequently delete private messages. Joomla! Core versions 3.0.x ranging from 3.0.0 and up to and including 3.0.3 are vulnerable.","https://developer.joomla.org/security/84-20130401-core-privilege-escalation.html","","","","","CVE-2013-3056","CWE-264","AV:N/AC:L/Au:N/C:N/I:N/A:P/E:H/RL:OF/RC:C","","Update to Joomla! Core version 3.0.4 or latest","10/21/2015"],
["Joomla! Core 2.5.x Information Disclosure","2.5.0","2.5.8","Joomla! Core is prone to an information disclosure vulnerability. Attackers can exploit this issue to obtain sensitive information that may help in launching further attacks. Joomla! Core versions 2.5.x ranging from 2.5.0 and up to and including 2.5.8 are vulnerable.","http://karmainsecurity.com/KIS-2013-03","http://karmainsecurity.com/analysis-of-the-joomla-php-object-injection-vulnerability","https://www.exploit-db.com/exploits/24551/","https://developer.joomla.org/security-centre/548-20130201-core-information-disclosure.html","","CVE-2013-1453","CWE-200","AV:N/AC:L/Au:N/C:P/I:N/A:N/E:H/RL:OF/RC:C","","Update to Joomla! Core version 2.5.9 or latest","10/21/2015"],
["Joomla! Core 3.0.x Information Disclosure","3.0.0","3.0.2","Joomla! Core is prone to an information disclosure vulnerability. Attackers can exploit this issue to obtain sensitive information that may help in launching further attacks. Joomla! Core versions 3.0.x ranging from 3.0.0 and up to and including 3.0.2 are vulnerable.","http://karmainsecurity.com/KIS-2013-03","http://karmainsecurity.com/analysis-of-the-joomla-php-object-injection-vulnerability","https://www.exploit-db.com/exploits/24551/","https://developer.joomla.org/security-centre/548-20130201-core-information-disclosure.html","","CVE-2013-1453","CWE-200","AV:N/AC:L/Au:N/C:P/I:N/A:N/E:H/RL:OF/RC:C","","Update to Joomla! Core version 3.0.3 or latest","10/21/2015"],
["Joomla! Core 3.0.x Information Disclosure","3.0.0","3.0.2","Joomla! Core is prone to an information disclosure vulnerability. Attackers can exploit this issue to obtain sensitive information that may help in launching further attacks. Joomla! Core versions 3.0.x ranging from 3.0.0 and up to and including 3.0.2 are vulnerable.","https://developer.joomla.org/security/549-20130202-core-information-disclosure.html","","","","","CVE-2013-1455","CWE-200","AV:N/AC:L/Au:N/C:P/I:N/A:N/E:H/RL:OF/RC:C","","Update to Joomla! Core version 3.0.3 or latest","10/22/2015"],
["Joomla! Core 3.0.x Information Disclosure","3.0.0","3.0.2","Joomla! Core is prone to an information disclosure vulnerability. Attackers can exploit this issue to obtain sensitive information that may help in launching further attacks. Joomla! Core versions 3.0.x ranging from 3.0.0 and up to and including 3.0.2 are vulnerable.","https://developer.joomla.org/security-centre/550-20130203-core-information-disclosure.html","","","","","CVE-2013-1454","CWE-200","AV:N/AC:L/Au:N/C:P/I:N/A:N/E:H/RL:OF/RC:C","","Update to Joomla! Core version 3.0.3 or latest","10/22/2015"],
["Joomla! Core 3.0.x Clickjacking Vulnerability","3.0.0","3.0.1","Joomla! Core is prone to a clickjacking vulnerability. Successful exploitation will allow an attacker to compromise the affected application or obtain sensitive information; other attacks are also possible. Joomla! Core versions 3.0.x ranging from 3.0.0 and up to and including 3.0.1 are vulnerable.","https://developer.joomla.org/security-centre/543-20121101-core-clickjacking.html","","","","","CVE-2012-5827","CWE-693","AV:N/AC:M/Au:N/C:N/I:P/A:N/E:H/RL:OF/RC:C","","Update to Joomla! Core version 3.0.2 or latest","10/22/2015"],
["Joomla! Core 2.5.x Clickjacking Vulnerability","2.5.0","2.5.7","Joomla! Core is prone to a clickjacking vulnerability. Successful exploitation will allow an attacker to compromise the affected application or obtain sensitive information; other attacks are also possible. Joomla! Core versions 2.5.x ranging from 2.5.0 and up to and including 2.5.7 are vulnerable.","https://developer.joomla.org/news/security/544-20121102-core-clickjacking.html","","","","","CVE-2012-5827","CWE-693","AV:N/AC:M/Au:N/C:N/I:P/A:N/E:H/RL:OF/RC:C","","Update to Joomla! Core version 2.5.8 or latest","10/22/2015"],
["Joomla! Core 3.0.0 Cross-Site Scripting","3.0.0","3.0.0","Joomla! Core is prone to a cross-site scripting vulnerability because it fails to properly sanitize user-supplied input. An attacker may leverage this issue to execute arbitrary script code in the browser of an unsuspecting user in the context of the affected site. This can allow the attacker to steal cookie-based authentication credentials and launch other attacks. Joomla! Core version 3.0.0 is vulnerable.","https://developer.joomla.org/security-centre/541-20121001-core-xss-vulnerability.html","","","","","","CWE-79","AV:N/AC:M/Au:N/C:N/I:P/A:N/E:H/RL:OF/RC:C","CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N","Update to Joomla! Core version 3.0.1 or latest","10/22/2015"],
["Joomla! Core 2.5.x Cross-Site Scripting","2.5.0","2.5.6","Joomla! Core is prone to a cross-site scripting vulnerability because it fails to properly sanitize user-supplied input. An attacker may leverage this issue to execute arbitrary script code in the browser of an unsuspecting user in the context of the affected site. This can allow the attacker to steal cookie-based authentication credentials and launch other attacks. Joomla! Core versions 2.5.x ranging from 2.5.0 and up to and including 2.5.6 are vulnerable.","http://www.waraxe.us/content-88.html","https://developer.joomla.org/security-centre/539-20120901-core-xss-vulnerability.html","","","","CVE-2012-4531","CWE-79","AV:N/AC:M/Au:S/C:N/I:P/A:N/E:POC/RL:OF/RC:C","","Update to Joomla! Core version 2.5.7 or latest","10/22/2015"],
["Joomla! Core 2.5.x Cross-Site Scripting","2.5.0","2.5.6","Joomla! Core is prone to a cross-site scripting vulnerability because it fails to properly sanitize user-supplied input. An attacker may leverage this issue to execute arbitrary script code in the browser of an unsuspecting user in the context of the affected site. This can allow the attacker to steal cookie-based authentication credentials and launch other attacks. Joomla! Core versions 2.5.x ranging from 2.5.0 and up to and including 2.5.6 are vulnerable.","http://www.darksecurity.de/advisories/2012/SSCHADV2012-014.txt","https://www.exploit-db.com/exploits/37473/","https://developer.joomla.org/security-centre/540-20120902-core-xss-vulnerability.html","","","CVE-2012-4532","CWE-79","AV:N/AC:M/Au:N/C:N/I:P/A:N/E:POC/RL:OF/RC:C","","Update to Joomla! Core version 2.5.7 or latest","10/22/2015"],
["Joomla! Core 2.5.x Security Bypass","2.5.0","2.5.4","Joomla! Core is prone to a security bypass vulnerability. Exploiting this issue may allow attackers to perform otherwise restricted actions by escalating their privileges. Joomla! Core versions 2.5.x ranging from 2.5.0 and up to and including 2.5.4 are vulnerable.","https://developer.joomla.org/security-centre/470-20120601-core-privilege-escalation.html","","","","","CVE-2012-2747","CWE-264","AV:N/AC:L/Au:N/C:P/I:P/A:P/E:H/RL:OF/RC:C","","Update to Joomla! Core version 2.5.5 or latest","10/22/2015"],
["Joomla! Core 2.5.x Information Disclosure","2.5.0","2.5.4","Joomla! Core is prone to an information disclosure vulnerability. Attackers can exploit this issue to obtain sensitive information that may help in launching further attacks. Joomla! Core versions 2.5.x ranging from 2.5.0 and up to and including 2.5.4 are vulnerable.","https://developer.joomla.org/security-centre/471-20120602-core-information-disclosure.html","","","","","CVE-2012-2748","CWE-200","AV:N/AC:L/Au:N/C:P/I:N/A:N/E:H/RL:OF/RC:C","","Update to Joomla! Core version 2.5.5 or latest","10/22/2015"],
["Joomla! Core 2.5.x Information Disclosure","2.5.0","2.5.3","Joomla! Core is prone to an information disclosure vulnerability. Attackers can exploit this issue to obtain sensitive information that may help in launching further attacks. Joomla! Core versions 2.5.x ranging from 2.5.0 and up to and including 2.5.3 are vulnerable.","https://developer.joomla.org/security-centre/398-20120307-core-information-disclosure.html","","","","","CVE-2012-1611","CWE-200","AV:N/AC:L/Au:N/C:P/I:N/A:N/E:H/RL:OF/RC:C","","Update to Joomla! Core version 2.5.4 or latest","10/22/2015"],
["Joomla! Core 2.5.x Cross-Site Scripting","2.5.0","2.5.3","Joomla! Core is prone to a cross-site scripting vulnerability because it fails to properly sanitize user-supplied input. An attacker may leverage this issue to execute arbitrary script code in the browser of an unsuspecting user in the context of the affected site. This can allow the attacker to steal cookie-based authentication credentials and launch other attacks. Joomla! Core versions 2.5.x ranging from 2.5.0 and up to and including 2.5.3 are vulnerable.","https://developer.joomla.org/security-centre/399-20120308-core-xss-vulnerability.html","","","","","CVE-2012-1612","CWE-79","AV:N/AC:M/Au:N/C:N/I:P/A:N/E:H/RL:OF/RC:C","","Update to Joomla! Core version 2.5.4 or latest","10/22/2015"],
["Joomla! Core 1.5.x Security Bypass","1.5.0","1.5.25","Joomla! Core is prone to a security bypass vulnerability. Exploiting this issue may allow attackers to perform otherwise restricted actions and subsequently reset users password due to insufficient randomness. Joomla! Core versions 1.5.x ranging from 1.5.0 and up to and including 1.5.25 are vulnerable.","https://developer.joomla.org/security-centre/396-20120305-core-password-change.html","","","","","CVE-2012-1598","CWE-264","AV:N/AC:L/Au:N/C:P/I:P/A:P/E:H/RL:OF/RC:C","","Update to Joomla! Core version 1.5.26 or latest","10/22/2015"],
["Joomla! Core 1.5.x Information Disclosure","1.5.0","1.5.25","Joomla! Core is prone to an information disclosure vulnerability. Attackers can exploit this issue to obtain sensitive information that may help in launching further attacks. Joomla! Core versions 1.5.x ranging from 1.5.0 and up to and including 1.5.25 are vulnerable.","https://developer.joomla.org/security-centre/397-20120306-core-information-disclosure.html","","","","","CVE-2012-1599","CWE-264","AV:N/AC:L/Au:N/C:P/I:N/A:N/E:H/RL:OF/RC:C","","Update to Joomla! Core version 1.5.26 or latest","10/22/2015"],
["Joomla! Core 2.5.x Security Bypass","2.5.0","2.5.2","Joomla! Core is prone to a security bypass vulnerability. Exploiting this issue may allow attackers to perform otherwise restricted actions and subsequently reset users password due to insufficient randomness. Joomla! Core versions 2.5.x ranging from 2.5.0 and up to and including 2.5.2 are vulnerable.","https://developer.joomla.org/security-centre/394-20120304-core-password-change.html","","","","","CVE-2012-1562","CWE-264","AV:N/AC:L/Au:N/C:P/I:P/A:P/E:H/RL:OF/RC:C","","Update to Joomla! Core version 2.5.3 or latest","10/22/2015"],
["Joomla! Core 1.7.x Security Bypass","1.7.0","1.7.5","Joomla! Core is prone to a security bypass vulnerability. Exploiting this issue may allow attackers to perform otherwise restricted actions and subsequently reset users password due to insufficient randomness. Joomla! Core versions 1.7.x ranging from 1.7.0 and up to and including 1.7.5 are vulnerable.","https://developer.joomla.org/security-centre/394-20120304-core-password-change.html","","","","","CVE-2012-1562","CWE-264","AV:N/AC:L/Au:N/C:P/I:P/A:P/E:H/RL:OF/RC:C","","Update to Joomla! Core version 2.5.3 or latest","10/22/2015"],
["Joomla! Core 1.6.x Security Bypass","1.6.0","1.6.6","Joomla! Core is prone to a security bypass vulnerability. Exploiting this issue may allow attackers to perform otherwise restricted actions and subsequently reset users password due to insufficient randomness. Joomla! Core versions 1.6.x ranging from 1.6.0 and up to and including 1.6.6 are vulnerable.","https://developer.joomla.org/security-centre/394-20120304-core-password-change.html","","","","","CVE-2012-1562","CWE-264","AV:N/AC:L/Au:N/C:P/I:P/A:P/E:H/RL:OF/RC:C","","Update to Joomla! Core version 2.5.3 or latest","10/22/2015"],
["Joomla! Core 2.5.x Security Bypass","2.5.0","2.5.2","Joomla! Core is prone to a security bypass vulnerability. Exploiting this issue may allow attackers to perform otherwise restricted actions by escalating their privileges due to a programming error. Joomla! Core versions 2.5.x ranging from 2.5.0 and up to and including 2.5.2 are vulnerable.","http://jeffchannell.com/Joomla/joomla-161725-privilege-escalation-vulnerability.html","https://developer.joomla.org/security-centre/395-20120303-core-privilege-escalation.html","","","","CVE-2012-1563","CWE-264","AV:N/AC:L/Au:N/C:P/I:P/A:P/E:POC/RL:OF/RC:C","","Update to Joomla! Core version 2.5.3 or latest","10/22/2015"],
["Joomla! Core 1.7.x Security Bypass","1.7.0","1.7.5","Joomla! Core is prone to a security bypass vulnerability. Exploiting this issue may allow attackers to perform otherwise restricted actions by escalating their privileges due to a programming error. Joomla! Core versions 1.7.x ranging from 1.7.0 and up to and including 1.7.5 are vulnerable.","http://jeffchannell.com/Joomla/joomla-161725-privilege-escalation-vulnerability.html","https://developer.joomla.org/security-centre/395-20120303-core-privilege-escalation.html","","","","CVE-2012-1563","CWE-264","AV:N/AC:L/Au:N/C:P/I:P/A:P/E:POC/RL:OF/RC:C","","Update to Joomla! Core version 2.5.3 or latest","10/22/2015"],
["Joomla! Core 1.6.x Security Bypass","1.6.0","1.6.6","Joomla! Core is prone to a security bypass vulnerability. Exploiting this issue may allow attackers to perform otherwise restricted actions by escalating their privileges due to a programming error. Joomla! Core versions 1.6.x ranging from 1.6.0 and up to and including 1.6.6 are vulnerable.","http://jeffchannell.com/Joomla/joomla-161725-privilege-escalation-vulnerability.html","https://developer.joomla.org/security-centre/395-20120303-core-privilege-escalation.html","","","","CVE-2012-1563","CWE-264","AV:N/AC:L/Au:N/C:P/I:P/A:P/E:POC/RL:OF/RC:C","","Update to Joomla! Core version 2.5.3 or latest","10/22/2015"],
["Joomla! Core 2.5.x SQL Injection","2.5.0","2.5.1","Joomla! Core is prone to an SQL injection vulnerability because it fails to sufficiently sanitize user-supplied data before using it in an SQL query. Exploiting this issue could allow an attacker to compromise the application, access or modify data, or exploit latent vulnerabilities in the underlying database. Joomla! Core versions 2.5.x ranging from 2.5.0 and up to and including 2.5.1 are vulnerable.","https://www.exploit-db.com/exploits/18618/","http://www.securityfocus.com/bid/52312/exploit","https://www.youtube.com/watch?v=4WYxw4nMFaw","https://developer.joomla.org/security-centre/391-20120301-core-sql-injection.html","","CVE-2012-1116","CWE-89","AV:N/AC:L/Au:N/C:P/I:P/A:P/E:POC/RL:OF/RC:C","","Update to Joomla! Core version 2.5.2 or latest","10/22/2015"],
["Joomla! Core 1.7.x SQL Injection","1.7.0","1.7.4","Joomla! Core is prone to an SQL injection vulnerability because it fails to sufficiently sanitize user-supplied data before using it in an SQL query. Exploiting this issue could allow an attacker to compromise the application, access or modify data, or exploit latent vulnerabilities in the underlying database. Joomla! Core versions 1.7.x ranging from 1.7.0 and up to and including 1.7.4 are vulnerable.","https://www.exploit-db.com/exploits/18618/","http://www.securityfocus.com/bid/52312/exploit","https://www.youtube.com/watch?v=4WYxw4nMFaw","https://developer.joomla.org/security-centre/391-20120301-core-sql-injection.html","","CVE-2012-1116","CWE-89","AV:N/AC:L/Au:N/C:P/I:P/A:P/E:POC/RL:OF/RC:C","","Update to Joomla! Core version 2.5.2 or latest","10/22/2015"],
["Joomla! Core 2.5.x Cross-Site Scripting","2.5.0","2.5.1","Joomla! Core is prone to a cross-site scripting vulnerability because it fails to properly sanitize user-supplied input. An attacker may leverage this issue to execute arbitrary script code in the browser of an unsuspecting user in the context of the affected site. This can allow the attacker to steal cookie-based authentication credentials and launch other attacks. Joomla! Core versions 2.5.x ranging from 2.5.0 and up to and including 2.5.1 are vulnerable.","https://developer.joomla.org/security-centre/392-20120302-core-xss-vulnerability.html","","","","","CVE-2012-1117","CWE-79","AV:N/AC:M/Au:N/C:N/I:P/A:N/E:H/RL:OF/RC:C","","Update to Joomla! Core version 2.5.2 or latest","10/22/2015"],
["Joomla! Core 3.x.x SQL Injection","3.2.0","3.4.4","Joomla! Core is prone to an SQL injection vulnerability because it fails to sufficiently sanitize user-supplied data before using it in an SQL query. Exploiting this issue could allow an attacker to compromise the application, access or modify data, or exploit latent vulnerabilities in the underlying database. Joomla! Core versions 3.x.x ranging from 3.2.0 and up to and including 3.4.4 are vulnerable.","https://www.trustwave.com/Resources/SpiderLabs-Blog/Joomla-SQL-Injection-Vulnerability-Exploit-Results-in-Full-Administrative-Access/","https://blog.perimeterx.com/joomla-cve-2015-7297/","https://packetstormsecurity.com/files/134097/Joomla-3.44-SQL-Injection.html","https://developer.joomla.org/security-centre/628-20151001-core-sql-injection.html","","CVE-2015-7297,CVE-2015-7857,CVE-2015-7858","CWE-89","AV:N/AC:L/Au:N/C:C/I:C/A:C/E:POC/RL:OF/RC:C","","Update to Joomla! Core version 3.4.5 or latest","10/23/2015"],
["Joomla! Core 3.x.x Security Bypass","3.2.0","3.4.4","Joomla! Core is prone to a security bypass vulnerability. Exploiting this issue may allow attackers to perform otherwise restricted actions and subsequently read data. Joomla! Core versions 3.x.x ranging from 3.2.0 and up to and including 3.4.4 are vulnerable.","https://developer.joomla.org/security-centre/629-20151002-core-acl-violations.html","","","","","CVE-2015-7859","CWE-264","AV:N/AC:L/Au:N/C:P/I:N/A:N/E:H/RL:OF/RC:C","","Update to Joomla! Core version 3.4.5 or latest","10/23/2015"],
["Joomla! Core 3.x.x Security Bypass","3.0.0","3.4.4","Joomla! Core is prone to a security bypass vulnerability. Exploiting this issue may allow attackers to perform otherwise restricted actions and subsequently read data. Joomla! Core versions 3.x.x ranging from 3.0.0 and up to and including 3.4.4 are vulnerable.","https://developer.joomla.org/security-centre/630-20151003-core-acl-violations.html","","","","","CVE-2015-7899","CWE-264","AV:N/AC:L/Au:N/C:P/I:N/A:N/E:H/RL:OF/RC:C","","Update to Joomla! Core version 3.4.5 or latest","10/23/2015"],
["Joomla! Core 2.5.0 Information Disclosure","2.5.0","2.5.0","Joomla! Core is prone to an information disclosure vulnerability. Attackers can exploit this issue to obtain sensitive information that may help in launching further attacks. Joomla! Core version 2.5.0 is vulnerable.","https://developer.joomla.org/security-centre/387-20120201-core-information-disclosure.html","","","","","CVE-2012-0835","CWE-200","AV:N/AC:L/Au:N/C:P/I:N/A:N/E:H/RL:OF/RC:C","","Update to Joomla! Core version 2.5.1 or latest","10/23/2015"],
["Joomla! Core 1.7.x Information Disclosure","1.7.0","1.7.4","Joomla! Core is prone to an information disclosure vulnerability. Attackers can exploit this issue to obtain sensitive information that may help in launching further attacks. Joomla! Core versions 1.7.x ranging from 1.7.0 and up to and including 1.7.4 are vulnerable.","https://developer.joomla.org/security-centre/387-20120201-core-information-disclosure.html","","","","","CVE-2012-0835","CWE-200","AV:N/AC:L/Au:N/C:P/I:N/A:N/E:H/RL:OF/RC:C","","Update to Joomla! Core version 1.7.5 or latest","10/23/2015"],
["Joomla! Core 1.7.x Information Disclosure","1.7.0","1.7.4","Joomla! Core is prone to an information disclosure vulnerability. Attackers can exploit this issue to obtain sensitive information that may help in launching further attacks. Joomla! Core versions 1.7.x ranging from 1.7.0 and up to and including 1.7.4 are vulnerable.","https://developer.joomla.org/security-centre/388-20120202-core-information-disclosure.html","","","","","CVE-2012-0836","CWE-200","AV:N/AC:L/Au:N/C:P/I:N/A:N/E:H/RL:OF/RC:C","","Update to Joomla! Core version 1.7.5, 2.5.1 or higher","10/23/2015"],
["Joomla! Core 2.5.0 Information Disclosure","2.5.0","2.5.0","Joomla! Core is prone to an information disclosure vulnerability. Attackers can exploit this issue to obtain sensitive information that may help in launching further attacks. Joomla! Core version 2.5.0 is vulnerable.","https://developer.joomla.org/security-centre/389-20120203-core-information-disclosure.html","","","","","CVE-2012-0837","CWE-200","AV:N/AC:L/Au:N/C:P/I:N/A:N/E:H/RL:OF/RC:C","","Update to Joomla! Core version 2.5.1 or latest","10/23/2015"],
["Joomla! Core 1.7.x Information Disclosure","1.7.0","1.7.4","Joomla! Core is prone to an information disclosure vulnerability. Attackers can exploit this issue to obtain sensitive information that may help in launching further attacks. Joomla! Core versions 1.7.x ranging from 1.7.0 and up to and including 1.7.4 are vulnerable.","https://developer.joomla.org/security-centre/389-20120203-core-information-disclosure.html","","","","","CVE-2012-0837","CWE-200","AV:N/AC:L/Au:N/C:P/I:N/A:N/E:H/RL:OF/RC:C","","Update to Joomla! Core version 1.7.5 or latest","10/23/2015"],
["Joomla! Core 1.7.x Information Disclosure","1.7.0","1.7.3","Joomla! Core is prone to an information disclosure vulnerability. Attackers can exploit this issue to obtain sensitive information that may help in launching further attacks. Joomla! Core versions 1.7.x ranging from 1.7.0 and up to and including 1.7.3 are vulnerable.","https://developer.joomla.org/security-centre/382-20120101-core-information-disclosure.html","","","","","CVE-2012-0819","CWE-200","AV:N/AC:L/Au:N/C:P/I:N/A:N/E:H/RL:OF/RC:C","","Update to Joomla! Core version 1.7.4, 2.5.0 or higher","10/23/2015"],
["Joomla! Core 1.6.x Information Disclosure","1.6.0","1.6.6","Joomla! Core is prone to an information disclosure vulnerability. Attackers can exploit this issue to obtain sensitive information that may help in launching further attacks. Joomla! Core versions 1.6.x ranging from 1.6.0 and up to and including 1.6.6 are vulnerable.","https://developer.joomla.org/security-centre/382-20120101-core-information-disclosure.html","","","","","CVE-2012-0819","CWE-200","AV:N/AC:L/Au:N/C:P/I:N/A:N/E:H/RL:OF/RC:C","","Update to Joomla! Core version 1.7.4, 2.5.0 or higher","10/23/2015"],
["Joomla! Core 1.7.x Cross-Site Scripting","1.7.0","1.7.3","Joomla! Core is prone to a cross-site scripting vulnerability because it fails to properly sanitize user-supplied input. An attacker may leverage this issue to execute arbitrary script code in the browser of an unsuspecting user in the context of the affected site. This can allow the attacker to steal cookie-based authentication credentials and launch other attacks. Joomla! Core versions 1.7.x ranging from 1.7.0 and up to and including 1.7.3 are vulnerable.","https://developer.joomla.org/security-centre/383-20120102-core-xss-vulnerability.html","","","","","CVE-2012-0820","CWE-79","AV:N/AC:M/Au:N/C:N/I:P/A:N/E:H/RL:OF/RC:C","","Update to Joomla! Core version 1.7.4, 2.5.0 or higher","10/23/2015"],
["Joomla! Core 1.6.x Cross-Site Scripting","1.6.0","1.6.6","Joomla! Core is prone to a cross-site scripting vulnerability because it fails to properly sanitize user-supplied input. An attacker may leverage this issue to execute arbitrary script code in the browser of an unsuspecting user in the context of the affected site. This can allow the attacker to steal cookie-based authentication credentials and launch other attacks. Joomla! Core versions 1.6.x ranging from 1.6.0 and up to and including 1.6.6 are vulnerable.","https://developer.joomla.org/security-centre/383-20120102-core-xss-vulnerability.html","","","","","CVE-2012-0820","CWE-79","AV:N/AC:M/Au:N/C:N/I:P/A:N/E:H/RL:OF/RC:C","CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N","Update to Joomla! Core version 1.7.4, 2.5.0 or higher","10/23/2015"],
["Joomla! Core 1.7.x Information Disclosure","1.7.0","1.7.3","Joomla! Core is prone to an information disclosure vulnerability. Attackers can exploit this issue to obtain sensitive information that may help in launching further attacks. Joomla! Core versions 1.7.x ranging from 1.7.0 and up to and including 1.7.3 are vulnerable.","https://developer.joomla.org/security-centre/384-20120103-core-information-disclosure.html","","","","","CVE-2012-0821","CWE-200","AV:N/AC:L/Au:N/C:P/I:N/A:N/E:H/RL:OF/RC:C","","Update to Joomla! Core version 1.7.4, 2.5.0 or higher","10/23/2015"],
["Joomla! Core 1.6.x Information Disclosure","1.6.0","1.6.6","Joomla! Core is prone to an information disclosure vulnerability. Attackers can exploit this issue to obtain sensitive information that may help in launching further attacks. Joomla! Core versions 1.6.x ranging from 1.6.0 and up to and including 1.6.6 are vulnerable.","https://developer.joomla.org/security-centre/384-20120103-core-information-disclosure.html","","","","","CVE-2012-0821","CWE-200","AV:N/AC:L/Au:N/C:P/I:N/A:N/E:H/RL:OF/RC:C","","Update to Joomla! Core version 1.7.4, 2.5.0 or higher","10/23/2015"],
["Joomla! Core 1.7.x Cross-Site Scripting","1.7.0","1.7.3","Joomla! Core is prone to a cross-site scripting vulnerability because it fails to properly sanitize user-supplied input. An attacker may leverage this issue to execute arbitrary script code in the browser of an unsuspecting user in the context of the affected site. This can allow the attacker to steal cookie-based authentication credentials and launch other attacks. Joomla! Core versions 1.7.x ranging from 1.7.0 and up to and including 1.7.3 are vulnerable.","https://developer.joomla.org/security-centre/385-20120104-core-xss-vulnerability.html","","","","","CVE-2012-0822","CWE-79","AV:N/AC:M/Au:N/C:N/I:P/A:N/E:H/RL:OF/RC:C","","Update to Joomla! Core version 1.7.4, 2.5.0 or higher","10/23/2015"],
["Joomla! Core 1.6.x Cross-Site Scripting","1.6.0","1.6.6","Joomla! Core is prone to a cross-site scripting vulnerability because it fails to properly sanitize user-supplied input. An attacker may leverage this issue to execute arbitrary script code in the browser of an unsuspecting user in the context of the affected site. This can allow the attacker to steal cookie-based authentication credentials and launch other attacks. Joomla! Core versions 1.6.x ranging from 1.6.0 and up to and including 1.6.6 are vulnerable.","https://developer.joomla.org/security-centre/385-20120104-core-xss-vulnerability.html","","","","","CVE-2012-0822","CWE-79","AV:N/AC:M/Au:N/C:N/I:P/A:N/E:H/RL:OF/RC:C","CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N","Update to Joomla! Core version 1.7.4, 2.5.0 or higher","10/23/2015"],
["Joomla! Core 1.7.x Cross-Site Scripting","1.7.0","1.7.2","Joomla! Core is prone to a cross-site scripting vulnerability because it fails to properly sanitize user-supplied input. An attacker may leverage this issue to execute arbitrary script code in the browser of an unsuspecting user in the context of the affected site. This can allow the attacker to steal cookie-based authentication credentials and launch other attacks. Joomla! Core versions 1.7.x ranging from 1.7.0 and up to and including 1.7.2 are vulnerable.","https://developer.joomla.org/security-centre/373-20111101-core-xss-vulnerability.html","","","","","","CWE-79","AV:N/AC:M/Au:N/C:N/I:P/A:N/E:H/RL:OF/RC:C","CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N","Update to Joomla! Core version 1.7.3 or latest","10/23/2015"],
["Joomla! Core 1.7.x Security Bypass","1.7.0","1.7.2","Joomla! Core is prone to a security bypass vulnerability. Exploiting this issue may allow attackers to perform otherwise restricted actions and subsequently reset users password due to insufficient randomness. Joomla! Core versions 1.7.x ranging from 1.7.0 and up to and including 1.7.2 are vulnerable.","https://developer.joomla.org/security-centre/374-20111102-core-password-change.html","","","","","","CWE-330","AV:N/AC:M/Au:N/C:P/I:P/A:P/E:H/RL:OF/RC:C","","Update to Joomla! Core version 1.7.3 or latest","10/23/2015"],
["Joomla! Core 1.6.x Security Bypass","1.6.0","1.6.6","Joomla! Core is prone to a security bypass vulnerability. Exploiting this issue may allow attackers to perform otherwise restricted actions and subsequently reset users password due to insufficient randomness. Joomla! Core versions 1.6.x ranging from 1.6.0 and up to and including 1.6.6 are vulnerable.","https://developer.joomla.org/security-centre/374-20111102-core-password-change.html","","","","","","CWE-330","AV:N/AC:M/Au:N/C:P/I:P/A:P/E:H/RL:OF/RC:C","","Update to Joomla! Core version 1.7.3 or latest","10/23/2015"],
["Joomla! Core 1.5.x Security Bypass","1.5.0","1.5.24","Joomla! Core is prone to a security bypass vulnerability. Exploiting this issue may allow attackers to perform otherwise restricted actions and subsequently reset users password due to insufficient randomness. Joomla! Core versions 1.5.x ranging from 1.5.0 and up to and including 1.5.24 are vulnerable.","https://developer.joomla.org/security-centre/375-20111103-core-password-change.html","","","","","CVE-2011-4321","CWE-310","AV:N/AC:L/Au:N/C:N/I:P/A:N/E:H/RL:OF/RC:C","","Update to Joomla! Core version 1.5.25 or latest","10/23/2015"],
["Joomla! Core 1.7.x Information Disclosure","1.7.0","1.7.1","Joomla! Core is prone to an information disclosure vulnerability. Attackers can exploit this issue to obtain sensitive information that may help in launching further attacks. Joomla! Core versions 1.7.x ranging from 1.7.0 and up to and including 1.7.1 are vulnerable.","https://developer.joomla.org/security-centre/370-20111001-core-information-disclosure.html","","","","","CVE-2011-3629","CWE-200","AV:N/AC:L/Au:N/C:P/I:N/A:N/E:H/RL:OF/RC:C","","Update to Joomla! Core version 1.7.2 or latest","10/23/2015"],
["Joomla! Core 1.7.x Information Disclosure","1.7.0","1.7.1","Joomla! Core is prone to an information disclosure vulnerability. Attackers can exploit this issue to obtain sensitive information that may help in launching further attacks. Joomla! Core versions 1.7.x ranging from 1.7.0 and up to and including 1.7.1 are vulnerable.","https://developer.joomla.org/security-centre/371-20111002-core-information-disclosure.html","","","","","CVE-2011-4937","CWE-200","AV:N/AC:L/Au:N/C:P/I:N/A:N/E:H/RL:OF/RC:C","","Update to Joomla! Core version 1.7.2 or latest","10/23/2015"],
["Joomla! Core 1.5.x Information Disclosure","1.5.0","1.5.23","Joomla! Core is prone to an information disclosure vulnerability. Attackers can exploit this issue to obtain sensitive information that may help in launching further attacks. Joomla! Core versions 1.5.x ranging from 1.5.0 and up to and including 1.5.23 are vulnerable.","https://developer.joomla.org/security-centre/372-20111003-core-information-disclosure.html","","","","","CVE-2011-3629","CWE-200","AV:N/AC:L/Au:N/C:P/I:N/A:N/E:H/RL:OF/RC:C","","Update to Joomla! Core version 1.5.24 or latest","10/23/2015"],
["Joomla! Core 1.7.0 Information Disclosure","1.7.0","1.7.0","Joomla! Core is prone to an information disclosure vulnerability. Attackers can exploit this issue to obtain sensitive information that may help in launching further attacks. Joomla! Core version 1.7.0 is vulnerable.","https://developer.joomla.org/security-centre/369-20110903-core-information-disclosure.html","","","","","","CWE-200","AV:N/AC:L/Au:N/C:P/I:N/A:N/E:H/RL:OF/RC:C","CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N","Update to Joomla! Core version 1.7.1 or latest","10/26/2015"],
["Joomla! Core 1.7.0 Cross-Site Scripting","1.7.0","1.7.0","Joomla! Core is prone to a cross-site scripting vulnerability because it fails to properly sanitize user-supplied input. An attacker may leverage this issue to execute arbitrary script code in the browser of an unsuspecting user in the context of the affected site. This can allow the attacker to steal cookie-based authentication credentials and launch other attacks. Joomla! Core version 1.7.0 is vulnerable.","http://bl0g.yehg.net/2011/09/joomla-170-multiple-cross-site.html","https://packetstormsecurity.com/files/105430/Joomla-1.7.0-Cross-Site-Scripting.html","https://www.exploit-db.com/exploits/36176/","https://developer.joomla.org/security-centre/367-20110901-core-xss-vulnerability.html","","","CWE-79","AV:N/AC:M/Au:N/C:N/I:P/A:N/E:POC/RL:OF/RC:C","CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N","Update to Joomla! Core version 1.7.1 or latest","10/26/2015"],
["Joomla! Core 1.6.x Cross-Site Scripting","1.6.0","1.6.6","Joomla! Core is prone to a cross-site scripting vulnerability because it fails to properly sanitize user-supplied input. An attacker may leverage this issue to execute arbitrary script code in the browser of an unsuspecting user in the context of the affected site. This can allow the attacker to steal cookie-based authentication credentials and launch other attacks. Joomla! Core versions 1.6.x ranging from 1.6.0 and up to and including 1.6.6 are vulnerable.","http://bl0g.yehg.net/2011/09/joomla-170-multiple-cross-site.html","https://packetstormsecurity.com/files/105430/Joomla-1.7.0-Cross-Site-Scripting.html","https://www.exploit-db.com/exploits/36176/","https://developer.joomla.org/security-centre/367-20110901-core-xss-vulnerability.html","https://developer.joomla.org/security-centre/373-20111101-core-xss-vulnerability.html","","CWE-79","AV:N/AC:M/Au:N/C:N/I:P/A:N/E:POC/RL:OF/RC:C","CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N","Update to Joomla! Core version 1.7.3 or latest","10/26/2015"],
["Joomla! Core 1.7.0 Cross-Site Scripting","1.7.0","1.7.0","Joomla! Core is prone to a cross-site scripting vulnerability because it fails to properly sanitize user-supplied input. An attacker may leverage this issue to execute arbitrary script code in the browser of an unsuspecting user in the context of the affected site. This can allow the attacker to steal cookie-based authentication credentials and launch other attacks. Joomla! Core version 1.7.0 is vulnerable.","http://bl0g.yehg.net/2011/09/joomla-170-multiple-cross-site.html","https://packetstormsecurity.com/files/105430/Joomla-1.7.0-Cross-Site-Scripting.html","https://www.exploit-db.com/exploits/36176/","https://developer.joomla.org/security-centre/368-20110902-core-xss-vulnerability.html","","CVE-2011-3595","CWE-79","AV:N/AC:M/Au:S/C:N/I:P/A:N/E:POC/RL:OF/RC:C","CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N","Update to Joomla! Core version 1.7.1 or latest","10/26/2015"],
["Joomla! Core 1.6.x Cross-Site Scripting","1.6.0","1.6.6","Joomla! Core is prone to a cross-site scripting vulnerability because it fails to properly sanitize user-supplied input. An attacker may leverage this issue to execute arbitrary script code in the browser of an unsuspecting user in the context of the affected site. This can allow the attacker to steal cookie-based authentication credentials and launch other attacks. Joomla! Core versions 1.6.x ranging from 1.6.0 and up to and including 1.6.6 are vulnerable.","http://bl0g.yehg.net/2011/09/joomla-170-multiple-cross-site.html","https://packetstormsecurity.com/files/105430/Joomla-1.7.0-Cross-Site-Scripting.html","https://www.exploit-db.com/exploits/36176/","https://developer.joomla.org/security-centre/368-20110902-core-xss-vulnerability.html","","CVE-2011-3595","CWE-79","AV:N/AC:M/Au:S/C:N/I:P/A:N/E:POC/RL:OF/RC:C","CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N","Update to Joomla! Core version 1.7.1 or latest","10/26/2015"],
["Joomla! Core 1.6.x Cross-Site Scripting","1.6.0","1.6.5","Joomla! Core is prone to a cross-site scripting vulnerability because it fails to properly sanitize user-supplied input. An attacker may leverage this issue to execute arbitrary script code in the browser of an unsuspecting user in the context of the affected site. This can allow the attacker to steal cookie-based authentication credentials and launch other attacks. Joomla! Core versions 1.6.x ranging from 1.6.0 and up to and including 1.6.5 are vulnerable.","http://bl0g.yehg.net/2011/07/joomla-170-rc-and-lower-multiple-cross.html","http://www.openwall.com/lists/oss-security/2011/07/22/5","https://www.exploit-db.com/exploits/35973/","https://developer.joomla.org/security-centre/357-20110701-xss-vulnerability.html","","CVE-2011-2710","CWE-79","AV:N/AC:M/Au:N/C:N/I:P/A:N/E:POC/RL:OF/RC:C","","Update to Joomla! Core version 1.6.6 or latest","10/26/2015"],
["Joomla! Core 1.6.x Information Disclosure","1.6.0","1.6.3","Joomla! Core is prone to an information disclosure vulnerability. Attackers can exploit this issue to obtain sensitive information that may help in launching further attacks. Joomla! Core versions 1.6.x ranging from 1.6.0 and up to and including 1.6.3 are vulnerable.","http://bl0g.yehg.net/2011/06/full-path-disclosure-joomla-163-and.html","https://developer.joomla.org/security-centre/351-20110602-information-disclosure.html","","","","","CWE-200","AV:N/AC:L/Au:N/C:P/I:N/A:N/E:POC/RL:OF/RC:C","CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N","Update to Joomla! Core version 1.6.4 or latest","10/26/2015"],
["Joomla! Core 1.6.x Cross-Site Scripting","1.6.0","1.6.3","Joomla! Core is prone to a cross-site scripting vulnerability because it fails to properly sanitize user-supplied input. An attacker may leverage this issue to execute arbitrary script code in the browser of an unsuspecting user in the context of the affected site. This can allow the attacker to steal cookie-based authentication credentials and launch other attacks. Joomla! Core versions 1.6.x ranging from 1.6.0 and up to and including 1.6.3 are vulnerable.","https://www.netsparker.com/xss-vulnerability-in-joomla-163/","https://developer.joomla.org/security/news/349-20110601-xss-vulnerabilities","","","","CVE-2011-4332","CWE-79","AV:N/AC:M/Au:N/C:N/I:P/A:N/E:H/RL:OF/RC:C","","Update to Joomla! Core version 1.6.4 or latest","10/26/2015"],
["Joomla! Core 1.6.x Multiple Cross-Site Scripting Vulnerabilities","1.6.0","1.6.3","Joomla! Core is prone to multiple cross-site scripting vulnerabilities because it fails to properly sanitize user-supplied input. An attacker may leverage these issues to execute arbitrary script code in the browser of an unsuspecting user in the context of the affected site. This can allow the attacker to steal cookie-based authentication credentials and launch other attacks. Joomla! Core versions 1.6.x ranging from 1.6.0 and up to and including 1.6.3 are vulnerable.","http://bl0g.yehg.net/2011/06/joomla-163-and-lower-multiple-cross.html","http://www.securityfocus.com/archive/1/518634","https://www.exploit-db.com/exploits/17496/","https://developer.joomla.org/security-centre/352-20110604-xss-vulnerability.html","","CVE-2011-2509","CWE-79","AV:N/AC:M/Au:N/C:N/I:P/A:N/E:POC/RL:OF/RC:C","","Update to Joomla! Core version 1.6.4 or latest","10/26/2015"],
["Joomla! Core 1.6.x Security Bypass","1.6.0","1.6.3","Joomla! Core is prone to a security bypass vulnerability. Exploiting this issue may allow attackers to perform otherwise restricted actions and subsequently access unauthorised data. Joomla! Core versions 1.6.x ranging from 1.6.0 and up to and including 1.6.3 are vulnerable.","https://developer.joomla.org/security/news/350-20110603-unauthorised-access","","","","","","CWE-264","AV:N/AC:L/Au:S/C:P/I:P/A:P/E:H/RL:OF/RC:C","","Update to Joomla! Core version 1.6.4 or latest","10/28/2015"],
["Joomla! Core 1.5.x Security Bypass","1.5.0","1.5.15","Joomla! Core is prone to a security bypass vulnerability. Exploiting this issue may allow attackers to perform otherwise restricted actions and subsequently retrieve password reset tokens from the database through an already existing SQL injection vector. Joomla! Core versions 1.5.x ranging from 1.5.0 and up to and including 1.5.15 are vulnerable.","https://developer.joomla.org/security-centre/308-20100423-core-password-reset-tokens.html","","","","","CVE-2010-1435","CWE-264","AV:N/AC:M/Au:N/C:P/I:P/A:P/E:H/RL:OF/RC:C","","Update to Joomla! Core version 1.5.16 or latest","10/28/2015"],
["Joomla! Core 1.5.x Session Fixation","1.5.0","1.5.15","Joomla! Core is prone to a session fixation vulnerability. An attacker may leverage this issue to hijack an arbitrary session and gain access to sensitive information, which may help in launching further attacks. Joomla! Core versions 1.5.x ranging from 1.5.0 and up to and including 1.5.15 are vulnerable.","https://developer.joomla.org/security-centre/309-20100423-core-sessation-fixation.html","","","","","CVE-2010-1434","CWE-384","AV:N/AC:M/Au:N/C:P/I:N/A:N/E:H/RL:OF/RC:C","","Update to Joomla! Core version 1.5.16 or latest","10/28/2015"],
["Joomla! Core 1.5.x Arbitrary File Upload","1.5.0","1.5.15","Joomla! Core is prone to a vulnerability that lets attackers upload arbitrary files because the application fails to properly verify user-supplied input. An attacker can exploit this vulnerability to upload arbitrary code and run it in the context of the webserver process. This may facilitate unauthorized access or privilege escalation; other attacks are also possible. Joomla! Core versions 1.5.x ranging from 1.5.0 and up to and including 1.5.15 are vulnerable.","https://developer.joomla.org/security-centre/310-20100423-core-installer-migration-script.html","","","","","CVE-2010-1433","CWE-434","AV:N/AC:L/Au:N/C:P/I:P/A:P/E:H/RL:OF/RC:C","","Update to Joomla! Core version 1.5.16 or latest","10/28/2015"],
["Joomla! Core 1.5.x Information Disclosure","1.5.0","1.5.15","Joomla! Core is prone to an information disclosure vulnerability. Attackers can exploit this issue to obtain sensitive information that may help in launching further attacks. Joomla! Core versions 1.5.x ranging from 1.5.0 and up to and including 1.5.15 are vulnerable.","https://developer.joomla.org/security-centre/311-20100423-core-negative-values-for-limit-and-offset.html","","","","","CVE-2010-1432","CWE-200","AV:N/AC:L/Au:N/C:P/I:N/A:N/E:H/RL:OF/RC:C","","Update to Joomla! Core version 1.5.16 or latest","10/28/2015"],
["Joomla! Core 1.5.x Information Disclosure","1.5.0","1.5.14","Joomla! Core is prone to an information disclosure vulnerability. Attackers can exploit this issue to obtain sensitive information that may help in launching further attacks. Joomla! Core versions 1.5.x ranging from 1.5.0 and up to and including 1.5.14 are vulnerable.","https://developer.joomla.org/security-centre/306-20091103-core-xml-file-read-issue.html","","","","","","CWE-200","AV:N/AC:L/Au:N/C:P/I:N/A:N/E:H/RL:OF/RC:C","CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N","Update to Joomla! Core version 1.5.15 or latest","10/28/2015"],
["Joomla! Core 1.5.x Security Bypass","1.5.0","1.5.14","Joomla! Core is prone to a security bypass vulnerability. Exploiting this issue may allow attackers to perform otherwise restricted actions and subsequently replace an article written by another user. Joomla! Core versions 1.5.x ranging from 1.5.0 and up to and including 1.5.14 are vulnerable.","https://developer.joomla.org/security-centre/305-20091103-core-front-end-editor-issue.html","","","","","","CWE-264","AV:N/AC:L/Au:S/C:N/I:P/A:P/E:H/RL:OF/RC:C","","Update to Joomla! Core version 1.5.15 or latest","10/28/2015"],
["Joomla! Core 1.5.x Information Disclosure","1.5.0","1.5.12","Joomla! Core is prone to an information disclosure vulnerability. Attackers can exploit this issue to obtain sensitive information that may help in launching further attacks. Joomla! Core versions 1.5.x ranging from 1.5.0 and up to and including 1.5.12 are vulnerable.","https://developer.joomla.org/security-centre/302-20090722-core-missing-jexec-check.html","","","","","","CWE-200","AV:N/AC:L/Au:N/C:P/I:N/A:N/E:H/RL:OF/RC:C","CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N","Update to Joomla! Core version 1.5.13 or latest","10/28/2015"],
["Joomla! Core 1.5.x Security Bypass","1.5.0","1.5.13","Joomla! Core is prone to a security bypass vulnerability. Exploiting this issue may allow attackers to perform otherwise restricted actions and subsequently bypass timeout protection against sending automated emails. Joomla! Core versions 1.5.x ranging from 1.5.0 and up to and including 1.5.13 are vulnerable.","https://developer.joomla.org/security-centre/303-20090723-core-com-mailto-timeout-issue.html","","","","","","CWE-264","AV:N/AC:L/Au:N/C:N/I:P/A:N/E:H/RL:OF/RC:C","","Update to Joomla! Core version 1.5.14 or latest","10/28/2015"],
["Joomla! Core 1.5.12 Arbitrary File Upload","1.5.12","1.5.12","Joomla! Core is prone to a vulnerability that lets attackers upload arbitrary files because the application fails to properly verify user-supplied input. An attacker can exploit this vulnerability to upload arbitrary code and run it in the context of the webserver process. This may facilitate unauthorized access or privilege escalation; other attacks are also possible. Joomla! Core version 1.5.12 is vulnerable.","http://www.securityfocus.com/bid/35780/exploit","https://github.com/rapid7/metasploit-framework/blob/master/modules/exploits/unix/webapp/joomla_tinybrowser.rb","https://www.exploit-db.com/exploits/10183/","https://developer.joomla.org/security-centre/301-20090722-core-file-upload.html","","CVE-2011-4906,CVE-2011-4908","CWE-434","AV:N/AC:L/Au:N/C:C/I:C/A:C/E:POC/RL:OF/RC:C","","Update to Joomla! Core version 1.5.13 or latest","10/28/2015"],
["Joomla! Core 1.5.x Cross-Site Scripting","1.5.0","1.5.11","Joomla! Core is prone to a cross-site scripting vulnerability because it fails to properly sanitize user-supplied input. An attacker may leverage this issue to execute arbitrary script code in the browser of an unsuspecting user in the context of the affected site. This can allow the attacker to steal cookie-based authentication credentials and launch other attacks. Joomla! Core versions 1.5.x ranging from 1.5.0 and up to and including 1.5.11 are vulnerable.","https://www.exploit-db.com/exploits/33061/","http://www.securityfocus.com/bid/35544/exploit","https://developer.joomla.org/security-centre/298-20090604-core-frontend-xss-httpreferer-not-properly-filtered.html","","","CVE-2011-4909","CWE-79","AV:N/AC:M/Au:N/C:N/I:P/A:N/E:POC/RL:OF/RC:C","","Update to Joomla! Core version 1.5.12 or latest","10/28/2015"],
["Joomla! Core 1.5.x Cross-Site Scripting","1.5.0","1.5.11","Joomla! Core is prone to a cross-site scripting vulnerability because it fails to properly sanitize user-supplied input. An attacker may leverage this issue to execute arbitrary script code in the browser of an unsuspecting user in the context of the affected site. This can allow the attacker to steal cookie-based authentication credentials and launch other attacks. Joomla! Core versions 1.5.x ranging from 1.5.0 and up to and including 1.5.11 are vulnerable.","https://developer.joomla.org/security-centre/299-20090605-core-frontend-xss-phpself-not-properly-filtered.html","","","","","CVE-2011-4910","CWE-79","AV:N/AC:M/Au:N/C:N/I:P/A:N/E:H/RL:OF/RC:C","","Update to Joomla! Core version 1.5.12 or latest","10/29/2015"],
["Joomla! Core 1.5.x Information Disclosure","1.5.0","1.5.11","Joomla! Core is prone to an information disclosure vulnerability. Attackers can exploit this issue to obtain sensitive information that may help in launching further attacks. Joomla! Core versions 1.5.x ranging from 1.5.0 and up to and including 1.5.11 are vulnerable.","https://developer.joomla.org/security-centre/300-20090606-core-missing-jexec-check.html","","","","","CVE-2011-4911","CWE-200","AV:N/AC:L/Au:N/C:P/I:N/A:N/E:H/RL:OF/RC:C","","Update to Joomla! Core version 1.5.12 or latest","10/29/2015"],
["Joomla! Core 1.5.x Cross-Site Scripting","1.5.0","1.5.10","Joomla! Core is prone to a cross-site scripting vulnerability because it fails to properly sanitize user-supplied input. An attacker may leverage this issue to execute arbitrary script code in the browser of an unsuspecting user in the context of the affected site. This can allow the attacker to steal cookie-based authentication credentials and launch other attacks. Joomla! Core versions 1.5.x ranging from 1.5.0 and up to and including 1.5.10 are vulnerable.","https://developer.joomla.org/security-centre/295-20090601-core-comusers-xss.html","","","","","CVE-2009-1940","CWE-79","AV:N/AC:M/Au:S/C:N/I:P/A:N/E:H/RL:OF/RC:C","","Update to Joomla! Core version 1.5.11 or latest","10/29/2015"],
["Joomla! Core 1.5.x Cross-Site Scripting","1.5.0","1.5.10","Joomla! Core is prone to a cross-site scripting vulnerability because it fails to properly sanitize user-supplied input. An attacker may leverage this issue to execute arbitrary script code in the browser of an unsuspecting user in the context of the affected site. This can allow the attacker to steal cookie-based authentication credentials and launch other attacks. Joomla! Core versions 1.5.x ranging from 1.5.0 and up to and including 1.5.10 are vulnerable.","http://www.securityfocus.com/bid/35189/exploit","https://developer.joomla.org/security-centre/296-20090602-core-japurity-xss.html","","","","CVE-2009-1939","CWE-79","AV:N/AC:M/Au:N/C:N/I:P/A:N/E:POC/RL:OF/RC:C","","Update to Joomla! Core version 1.5.11 or latest","10/29/2015"],
["Joomla! Core 1.5.x Cross-Site Scripting","1.5.0","1.5.10","Joomla! Core is prone to a cross-site scripting vulnerability because it fails to properly sanitize user-supplied input. An attacker may leverage this issue to execute arbitrary script code in the browser of an unsuspecting user in the context of the affected site. This can allow the attacker to steal cookie-based authentication credentials and launch other attacks. Joomla! Core versions 1.5.x ranging from 1.5.0 and up to and including 1.5.10 are vulnerable.","http://www.securityfocus.com/bid/35189/exploit","https://www.exploit-db.com/exploits/33022/","https://developer.joomla.org/security-centre/297-20090602-core-frontend-xss.html","","","CVE-2009-1938","CWE-79","AV:N/AC:M/Au:N/C:N/I:P/A:N/E:POC/RL:OF/RC:C","","Update to Joomla! Core version 1.5.11 or latest","10/29/2015"],
["Joomla! Core 1.5.x Cross-Site Scripting","1.5.0","1.5.9","Joomla! Core is prone to a cross-site scripting vulnerability because it fails to properly sanitize user-supplied input. An attacker may leverage this issue to execute arbitrary script code in the browser of an unsuspecting user in the context of the affected site. This can allow the attacker to steal cookie-based authentication credentials and launch other attacks. Joomla! Core versions 1.5.x ranging from 1.5.0 and up to and including 1.5.9 are vulnerable.","https://developer.joomla.org/security-centre/294-20090302-core-comcontent-xss.html","","","","","CVE-2009-1279","CWE-79","AV:N/AC:M/Au:N/C:N/I:P/A:N/E:H/RL:OF/RC:C","","Update to Joomla! Core version 1.5.10 or latest","10/29/2015"],
["Joomla! Core 1.5.x Multiple Vulnerabilities","1.5.0","1.5.9","Joomla! Core is prone to multiple vulnerabilities, including cross-site scripting and cross-site request forgery vulnerabilities. Exploiting these issues could allow an attacker to execute arbitrary script code in the browser of an unsuspecting user in the context of the affected site, allowing the attacker to steal cookie-based authentication credentials and launch other attacks or to perform certain administrative actions and gain unauthorized access to the affected application. Joomla! Core versions 1.5.x ranging from 1.5.0 and up to and including 1.5.9 are vulnerable.","https://developer.joomla.org/security-centre/293-20090301-core-multiple-xsscsrf.html","","","","","CVE-2009-1279,CVE-2009-1280","CWE-79,CWE-352","AV:N/AC:M/Au:N/C:N/I:P/A:N/E:H/RL:OF/RC:C","","Update to Joomla! Core version 1.5.10 or latest","10/29/2015"],
["Joomla! Core 1.5.x Directory Traversal","1.5.0","1.5.8","Joomla! Core is prone to a directory traversal vulnerability because it fails to sufficiently verify user-supplied input. Exploiting this issue can allow an attacker to obtain sensitive information that could aid in further attacks. Joomla! Core versions 1.5.x ranging from 1.5.0 and up to and including 1.5.8 are vulnerable.","https://www.exploit-db.com/exploits/7691/","http://www.securityfocus.com/bid/33143/exploit","https://developer.joomla.org/security-centre/288-20090102-core-plgxstandard-directory-traversal.html","","","CVE-2009-0113","CWE-22","AV:N/AC:L/Au:N/C:P/I:N/A:N/E:POC/RL:OF/RC:C","","Update to Joomla! Core version 1.5.9 or latest","10/29/2015"],
["Joomla! Core 1.5.x Session Hijacking","1.5.0","1.5.8","Joomla! Core is prone to a session hijacking vulnerability. Exploiting this issue may allow attackers to access another user's session, thus giving them the opportunity to do anything the affected user is authorized to do. Joomla! Core versions 1.5.x ranging from 1.5.0 and up to and including 1.5.8 are vulnerable.","http://int21.de/cve/CVE-2008-4122-joomla.html","https://developer.joomla.org/security-centre/287-20090101-core-jsession-ssl-session-disclosure.html","","","","CVE-2008-4122","CWE-310","AV:N/AC:L/Au:N/C:P/I:N/A:N/E:H/RL:OF/RC:C","","Update to Joomla! Core version 1.5.9 or latest","10/30/2015"],
["Joomla! Core 1.5.x Cross-Site Scripting","1.5.0","1.5.7","Joomla! Core is prone to a cross-site scripting vulnerability because it fails to properly sanitize user-supplied input. An attacker may leverage this issue to execute arbitrary script code in the browser of an unsuspecting user in the context of the affected site. This can allow the attacker to steal cookie-based authentication credentials and launch other attacks. Joomla! Core versions 1.5.x ranging from 1.5.0 and up to and including 1.5.7 are vulnerable.","https://developer.joomla.org/security-centre/284-20081102-core-comweblinks-xss-vulnerability.html","https://developer.joomla.org/security-centre/283-20081101-core-comcontent-xss-vulnerability.html","","","","CVE-2008-6299","CWE-79","AV:N/AC:M/Au:S/C:N/I:P/A:N/E:H/RL:OF/RC:C","","Update to Joomla! Core version 1.5.8 or latest","10/30/2015"],
["Joomla! Core 1.5.x Security Bypass","1.5.0","1.5.6","Joomla! Core is prone to a security bypass vulnerability. Exploiting this issue may allow attackers to perform otherwise restricted actions and subsequently guess password reset tokens. Joomla! Core versions 1.5.x ranging from 1.5.0 and up to and including 1.5.6 are vulnerable.","https://www.sektioneins.de/advisories/advisory-042008-joomla-weak-random-password-reset-token-vulnerability.html","https://developer.joomla.org/security-centre/272-20080902-core-random-number-generation-flaw.html","","","","CVE-2008-4102","CWE-330","AV:N/AC:L/Au:N/C:P/I:P/A:P/E:H/RL:OF/RC:C","","Update to Joomla! Core version 1.5.7 or latest","10/30/2015"],
["Joomla! Core 1.5.x Spam","1.5.0","1.5.6","Joomla! Core is prone to a spam vulnerability. Exploiting this issue may allow attackers to send spam through the affected website. Joomla! Core versions 1.5.x ranging from 1.5.0 and up to and including 1.5.6 are vulnerable.","https://developer.joomla.org/security-centre/273-20080903-core-commailto-spam.html","","","","","CVE-2008-4103","CWE-20","AV:N/AC:L/Au:N/C:P/I:N/A:N/E:H/RL:OF/RC:C","","Update to Joomla! Core version 1.5.7 or latest","10/30/2015"],
["Joomla! Core 1.5.x Open Redirect","1.5.0","1.5.6","Joomla! Core is prone to an open redirect vulnerability because the application fails to properly validate user-supplied input. Exploiting this issue may allow attackers to redirect users to arbitrary web sites and conduct phishing attacks; other attacks are also possible. Joomla! Core versions 1.5.x ranging from 1.5.0 and up to and including 1.5.6 are vulnerable.","https://developer.joomla.org/security-centre/274-20080904-core-redirect-spam.html","","","","","CVE-2008-4104","CWE-601","AV:N/AC:M/Au:N/C:N/I:P/A:P/E:H/RL:OF/RC:C","","Update to Joomla! Core version 1.5.7 or latest","10/30/2015"],
["Joomla! Core 1.5.x Variable Injection","1.5.0","1.5.6","Joomla! Core is prone to a variable injection vulnerability. Exploiting this issue may allow attackers to inject unwanted characters into returned data; other attacks with unspecified impact are also possible. Joomla! Core versions 1.5.x ranging from 1.5.0 and up to and including 1.5.6 are vulnerable.","https://developer.joomla.org/security-centre/271-20080901-core-jrequest-variable-injection.html","","","","","CVE-2008-4105","CWE-20","AV:N/AC:L/Au:N/C:P/I:P/A:P/E:H/RL:OF/RC:C","","Update to Joomla! Core version 1.5.7 or latest","10/30/2015"],
["Joomla! Core 1.5.x Security Bypass","1.5.0","1.5.5","Joomla! Core is prone to a security bypass vulnerability. Exploiting this issue may allow attackers to perform otherwise restricted actions and subsequently reset the password of the first enabled user (lowest id) which, typically, is the administrator user; this gives attackers complete control over the affected website. Joomla! Core versions 1.5.x ranging from 1.5.0 and up to and including 1.5.5 are vulnerable.","https://www.exploit-db.com/exploits/6234/","http://forum.joomla.org/viewtopic.php?f=432&t=404303","https://developer.joomla.org/security-centre/241-20080801-core-password-remind-functionality.html","","","CVE-2008-3681","CWE-264","AV:N/AC:L/Au:N/C:C/I:C/A:C/E:POC/RL:OF/RC:C","","Update to Joomla! Core version 1.5.6 or latest","10/30/2015"],
["Joomla! Core 1.6.0 Multiple Vulnerabilities","1.6.0","1.6.0","Joomla! Core is prone to multiple vulnerabilities, including cross-site scripting, SQL injection and information disclosure vulnerabilities. Exploiting these issues could allow an attacker to execute arbitrary script code in the browser of an unsuspecting user in the context of the affected site, allowing the attacker to steal cookie-based authentication credentials, to compromise the application, access or modify data, or exploit latent vulnerabilities in the underlying database or to obtain sensitive information that may help in launching further attacks. Joomla! Core version 1.6.0 is vulnerable.","http://bl0g.yehg.net/2011/03/joomla-160-sql-injection-vulnerability.html","http://bl0g.yehg.net/2011/03/joomla-160-cross-site-scripting-xss.html","http://bl0g.yehg.net/2011/03/joomla-160-information-disclosurefull.html","http://jeffchannell.com/Joomla/joomla-160-multiple-minor-vulnerabilities.html","https://www.joomla.org/announcements/release-news/5350-joomla-161-released.html","CVE-2010-3712","CWE-79,CWE-89,CWE-200","AV:N/AC:L/Au:N/C:P/I:P/A:P/E:POC/RL:OF/RC:C","","Update to Joomla! Core version 1.6.1 or latest","11/02/2015"],
["Joomla! Core 1.0.x Cross-Site Scripting","1.0.0","1.0.15","Joomla! Core is prone to a cross-site scripting vulnerability because it fails to properly sanitize user-supplied input. An attacker may leverage this issue to execute arbitrary script code in the browser of an unsuspecting user in the context of the affected site. This can allow the attacker to steal cookie-based authentication credentials and launch other attacks. Joomla! Core versions 1.0.x ranging from 1.0.0 and up to and including 1.0.15 are vulnerable.","http://bl0g.yehg.net/2011/01/joomla-10x-1015-cross-site-scripting.html","http://community.joomla.org/blogs/community/509-an-old-friend-comes-of-age.html","","","","","CWE-79","AV:N/AC:M/Au:N/C:N/I:P/A:N/E:POC/RL:OF/RC:C","CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N","Update to Joomla! Core version 1.5.22 or latest","11/02/2015"],
["Joomla! Core 1.5.x Multiple Cross-Site Scripting Vulnerabilities","1.5.0","1.5.20","Joomla! Core is prone to multiple cross-site scripting vulnerabilities because it fails to properly sanitize user-supplied input. An attacker may leverage these issues to execute arbitrary script code in the browser of an unsuspecting user in the context of the affected site. This can allow the attacker to steal cookie-based authentication credentials and launch other attacks. Joomla! Core versions 1.5.x ranging from 1.5.0 and up to and including 1.5.20 are vulnerable.","http://www.openwall.com/lists/oss-security/2011/03/18/5","https://www.joomla.org/announcements/release-news/5300-joomla-1521-released.html","","","","CVE-2010-3712","CWE-79","AV:N/AC:M/Au:N/C:N/I:P/A:N/E:POC/RL:OF/RC:C","","Update to Joomla! Core version 1.5.21 or latest","11/02/2015"],
["Joomla! Core 1.0.x Remote File Inclusion","1.0.11","1.0.14","Joomla! Core is prone to a remote file inclusion vulnerability because it fails to properly verify user-supplied input. An attacker can exploit this issue to include arbitrary remote files containing malicious PHP code and execute it in the context of the webserver process. This may allow the attacker to compromise the application and to gain access to the underlying system. Joomla! Core versions 1.0.x ranging from 1.0.11 and up to and including 1.0.14 are vulnerable.","http://www.securityfocus.com/archive/1/archive/1/488126/100/200/threaded","https://www.joomla.org/announcements/release-news/4609-joomla-1015-released.html","","","","CVE-2008-5671","CWE-94","AV:N/AC:L/Au:N/C:P/I:P/A:P/E:POC/RL:OF/RC:C","","Update to Joomla! Core version 1.0.15 or latest","11/02/2015"],
["Joomla! Core 1.5.x Multiple Vulnerabilities","1.5.0","1.5.3","Joomla! Core is prone to multiple vulnerabilities, including security bypass and open redirect vulnerabilities. Exploiting these issues may allow attackers to perform otherwise restricted actions and subsequently bypass improperly configured .htaccess security checks, access administration area, access cached pages or to redirect users to arbitrary web sites and conduct phishing attacks; other attacks are also possible. Joomla! Core versions 1.5.x ranging from 1.5.0 and up to and including 1.5.3 are vulnerable.","https://www.joomla.org/announcements/release-news/5180-joomla-154-released.html","","","","","CVE-2008-3225,CVE-2008-3226,CVE-2008-3227,CVE-2008-3228","CWE-16,CWE-59,CWE-264","AV:N/AC:L/Au:N/C:P/I:P/A:P/E:H/RL:OF/RC:C","","Update to Joomla! Core version 1.5.4 or latest","11/02/2015"],
["Joomla! Core 1.0.x Multiple Cross-Site Scripting Vulnerabilities","1.0.0","1.0.12","Joomla! Core is prone to multiple cross-site scripting vulnerabilities because it fails to properly sanitize user-supplied input. An attacker may leverage these issues to execute arbitrary script code in the browser of an unsuspecting user in the context of the affected site. This can allow the attacker to steal cookie-based authentication credentials and launch other attacks. Joomla! Core versions 1.0.x ranging from 1.0.0 and up to and including 1.0.12 are vulnerable.","https://www.joomla.org/announcements/release-news/3677-joomla-1013-released.html","","","","","CVE-2007-4189,CVE-2007-4190,CVE-2007-5577","CWE-79","AV:N/AC:M/Au:N/C:N/I:P/A:N/E:H/RL:OF/RC:C","","Update to Joomla! Core version 1.0.13 or latest","11/03/2015"],
["Joomla! Core 1.0.x Multiple Vulnerabilities","1.0.0","1.0.13","Joomla! Core is prone to multiple vulnerabilities, including cross-site scripting and cross-site request forgery vulnerabilities. Exploiting these issues could allow an attacker to execute arbitrary script code in the browser of an unsuspecting user in the context of the affected site, allowing the attacker to steal cookie-based authentication credentials and launch other attacks or to perform certain administrative actions and gain unauthorized access to the affected application. Joomla! Core versions 1.0.x ranging from 1.0.0 and up to and including 1.0.13 are vulnerable.","http://websecurity.com.ua/1203/","http://www.securityfocus.com/archive/1/archive/1/482006/100/0/threaded","https://www.joomla.org/announcements/release-news/4563-joomla-1014-released.html","","","CVE-2007-5427","CWE-79,CWE-352","AV:N/AC:M/Au:N/C:N/I:P/A:N/E:POC/RL:OF/RC:C","","Update to Joomla! Core version 1.0.14 or latest","11/03/2015"],
["Joomla! Core 1.0.x Session Fixation","1.0.0","1.0.12","Joomla! Core is prone to a session fixation vulnerability. An attacker may leverage this issue to hijack an arbitrary session and gain access to sensitive information, which may help in launching further attacks. Joomla! Core versions 1.0.x ranging from 1.0.0 and up to and including 1.0.12 are vulnerable.","http://www.securityfocus.com/archive/1/archive/1/476017/100/0/threaded","https://www.joomla.org/announcements/release-news/3677-joomla-1013-released.html","","","","CVE-2007-4188","CWE-287","AV:N/AC:M/Au:N/C:C/I:C/A:C/E:H/RL:OF/RC:C","","Update to Joomla! Core version 1.0.13 or latest","11/03/2015"],
["Joomla! Core 1.0.x Multiple Vulnerabilities","1.0.0","1.0.12","Joomla! Core is prone to multiple vulnerabilities, including SQL injection and information disclosure vulnerabilities. Exploiting these issues could allow an attacker to compromise the application, access or modify data, or exploit latent vulnerabilities in the underlying database or to obtain sensitive information that may help in launching further attacks. Joomla! Core versions 1.0.x ranging from 1.0.0 and up to and including 1.0.12 are vulnerable.","http://www.securityfocus.com/archive/1/archive/1/480738/100/0/threaded","https://packetstormsecurity.com/0707-exploits/joomla-sql.txt","","","","CVE-2007-4184,CVE-2007-4185","CWE-89,CWE-200","AV:N/AC:L/Au:S/C:P/I:P/A:P/E:POC/RL:OF/RC:C","","Update to Joomla! Core latest version","11/03/2015"],
["Joomla! Core 1.0.x SQL Injection","1.0.0","1.0.11","Joomla! Core is prone to an SQL injection vulnerability because it fails to sufficiently sanitize user-supplied data before using it in an SQL query. Exploiting this issue could allow an attacker to compromise the application, access or modify data, or exploit latent vulnerabilities in the underlying database. Joomla! Core versions 1.0.x ranging from 1.0.0 and up to and including 1.0.11 are vulnerable.","http://www.securityfocus.com/archive/1/archive/1/459203/100/0/threaded","https://www.joomla.org/announcements/release-news/2446-joomla-1012-released.html","","","","CVE-2007-0374","CWE-89","AV:N/AC:L/Au:N/C:P/I:P/A:P/E:POC/RL:OF/RC:C","","Update to Joomla! Core version 1.0.12 or latest","11/03/2015"],
["Joomla! Core 1.0.x Multiple Vulnerabilities","1.0.0","1.0.9","Joomla! Core is prone to multiple vulnerabilities, including cross-site scripting and SQL injection vulnerabilities. Exploiting these issues could allow an attacker to execute arbitrary script code in the browser of an unsuspecting user in the context of the affected site, allowing the attacker to steal cookie-based authentication credentials or to compromise the application, access or modify data, or exploit latent vulnerabilities in the underlying database. Joomla! Core versions 1.0.x ranging from 1.0.0 and up to and including 1.0.9 are vulnerable.","https://www.joomla.org/announcements/release-news/1510-upgrade-to-joomla-1010-security-release.html","","","","","CVE-2006-3480,CVE-2006-3481,CVE-2006-7010","CWE-79,CWE-89","AV:N/AC:L/Au:N/C:P/I:P/A:P/E:H/RL:OF/RC:C","","Update to Joomla! Core version 1.0.10 or latest","11/03/2015"],
["Joomla! Core 1.0.x Multiple Unspecified Vulnerabilities","1.0.0","1.0.9","Joomla! Core is prone to multiple unspecified vulnerabilities. No available information exists regarding these issues and their impact on a vulnerable website. Joomla! Core versions 1.0.x ranging from 1.0.0 and up to and including 1.0.9 are vulnerable.","https://www.joomla.org/announcements/release-news/1510-upgrade-to-joomla-1010-security-release.html","","","","","CVE-2006-7008,CVE-2006-7009","","","","Update to Joomla! Core version 1.0.10 or latest","11/03/2015"],
["Joomla! Core 1.0.x Multiple Unspecified Vulnerabilities","1.0.0","1.0.11","Joomla! Core is prone to multiple unspecified vulnerabilities. No available information exists regarding these issues and their impact on a vulnerable website. Joomla! Core versions 1.0.x ranging from 1.0.0 and up to and including 1.0.11 are vulnerable.","https://www.joomla.org/announcements/release-news/2446-joomla-1012-released.html","","","","","CVE-2006-6833,CVE-2006-6834","","","","Update to Joomla! Core version 1.0.12 or latest","11/03/2015"],
["Joomla! Core 1.0.x Multiple Unspecified Vulnerabilities","1.0.0","1.0.10","Joomla! Core is prone to multiple unspecified vulnerabilities. No available information exists regarding these issues and their impact on a vulnerable website. Joomla! Core versions 1.0.x ranging from 1.0.0 and up to and including 1.0.10 are vulnerable.","https://www.joomla.org/announcements/release-news/1843-upgrade-immediately-to-joomla-1011.html","","","","","CVE-2006-4466,CVE-2006-4468,CVE-2006-4469,CVE-2006-4470,CVE-2006-4472,CVE-2006-4473,CVE-2006-4475,CVE-2006-4476","","","","Update to Joomla! Core version 1.0.11 or latest","11/03/2015"],
["Joomla! Core 1.0.x Cross-Site Scripting","1.0.0","1.0.11","Joomla! Core is prone to a cross-site scripting vulnerability because it fails to properly sanitize user-supplied input. An attacker may leverage this issue to execute arbitrary script code in the browser of an unsuspecting user in the context of the affected site. This can allow the attacker to steal cookie-based authentication credentials and launch other attacks. Joomla! Core versions 1.0.x ranging from 1.0.0 and up to and including 1.0.11 are vulnerable.","https://www.joomla.org/announcements/release-news/2446-joomla-1012-released.html","","","","","CVE-2006-6832","CWE-79","AV:N/AC:M/Au:N/C:N/I:P/A:N/E:H/RL:OF/RC:C","","Update to Joomla! Core version 1.0.12 or latest","11/03/2015"],
["Joomla! Core 1.0.x Security Bypass","1.0.0","1.0.10","Joomla! Core is prone to a security bypass vulnerability. Exploiting this issue may allow attackers to perform otherwise restricted actions and subsequently upload files outside of the /images/stories/ directory. Joomla! Core versions 1.0.x ranging from 1.0.0 and up to and including 1.0.10 are vulnerable.","https://www.joomla.org/announcements/release-news/1843-upgrade-immediately-to-joomla-1011.html","","","","","CVE-2006-4471","CWE-264","AV:N/AC:L/Au:S/C:P/I:P/A:P/E:H/RL:OF/RC:C","","Update to Joomla! Core version 1.0.11 or latest","11/03/2015"],
["Joomla! Core 1.0.x Multiple Cross-Site Scripting Vulnerabilities","1.0.0","1.0.10","Joomla! Core is prone to multiple cross-site scripting vulnerabilities because it fails to properly sanitize user-supplied input. An attacker may leverage these issues to execute arbitrary script code in the browser of an unsuspecting user in the context of the affected site. This can allow the attacker to steal cookie-based authentication credentials and launch other attacks. Joomla! Core versions 1.0.x ranging from 1.0.0 and up to and including 1.0.10 are vulnerable.","https://www.joomla.org/announcements/release-news/1843-upgrade-immediately-to-joomla-1011.html","","","","","CVE-2006-4474","CWE-79","AV:N/AC:M/Au:N/C:P/I:P/A:P/E:H/RL:OF/RC:C","","Update to Joomla! Core version 1.0.11 or latest","11/03/2015"],
["Joomla! Core 1.0 Remote File Inclusion","1.0.0","1.0.0","Joomla! Core is prone to a remote file inclusion vulnerability because it fails to properly verify user-supplied input. An attacker can exploit this issue to include arbitrary remote files containing malicious PHP code and execute it in the context of the webserver process. This may allow the attacker to compromise the application and to gain access to the underlying system. Joomla! Core version 1.0 is vulnerable.","http://www.securityfocus.com/archive/1/archive/1/436707/100/0/threaded","","","","","CVE-2006-2960","CWE-94","AV:N/AC:L/Au:N/C:P/I:P/A:P/E:POC/RL:OF/RC:UR","","Update to Joomla! Core latest version","11/03/2015"],
["Joomla! Core 1.0.x Multiple Unspecified Vulnerabilities","1.0.0","1.0.7","Joomla! Core is prone to multiple unspecified vulnerabilities. No available information exists regarding these issues and their impact on a vulnerable website. Joomla! Core versions 1.0.x ranging from 1.0.0 and up to and including 1.0.7 are vulnerable.","https://www.joomla.org/announcements/release-news/940-joomla-108-released.html","","","","","CVE-2006-1030,CVE-2006-1047","","","","Update to Joomla! Core version 1.0.8 or latest","11/03/2015"],
["Joomla! Core 1.0.x Multiple Vulnerabilities","1.0.0","1.0.7","Joomla! Core is prone to multiple vulnerabilities, including security bypass, SQL injection, information disclosure and denial of service vulnerabilities. Exploiting these issues could allow an attacker to bypass intended access restrictions and perform otherwise restricted actions, to compromise the application, access or modify data, or exploit latent vulnerabilities in the underlying database, to obtain sensitive information that may help in launching further attacks or to cause the affected website to consume memory and CPU resources, thus denying service to legitimate users. Joomla! Core versions 1.0.x ranging from 1.0.0 and up to and including 1.0.7 are vulnerable.","http://www.securityfocus.com/archive/1/archive/1/426538/100/0/threaded","https://www.joomla.org/announcements/release-news/940-joomla-108-released.html","","","","CVE-2006-1027,CVE-2006-1028,CVE-2006-1029,CVE-2006-1048,CVE-2006-1049","CWE-89,CWE-200,CWE-264,CWE-400","AV:N/AC:L/Au:S/C:P/I:P/A:P/E:POC/RL:OF/RC:C","","Update to Joomla! Core version 1.0.8 or latest","11/03/2015"],
["Joomla! Core 1.0.5 Security Bypass","1.0.5","1.0.5","Joomla! Core is prone to a security bypass vulnerability. Exploiting this issue may allow attackers to perform otherwise restricted actions and subsequently obtain valid e-mail addresses to conduct spam attacks. Joomla! Core version 1.0.5 is vulnerable.","http://forum.joomla.org/viewtopic.php?t=29031","","","","","CVE-2006-0114","CWE-264","AV:N/AC:L/Au:N/C:P/I:N/A:N/E:POC/RL:OF/RC:C","","Update to Joomla! Core version 1.0.7 or latest","11/03/2015"],
["Joomla! Core 1.0.x Multiple Unspecified Vulnerabilities","1.0.0","1.0.5","Joomla! Core is prone to multiple unspecified vulnerabilities. No available information exists regarding these issues and their impact on a vulnerable website. Joomla! Core versions 1.0.x ranging from 1.0.0 and up to and including 1.0.5 are vulnerable.","https://www.joomla.org/announcements/release-news/727-joomla-107-released.html","","","","","CVE-2006-0303","","","","Update to Joomla! Core version 1.0.7 or latest","11/03/2015"],
["Joomla! Core 1.0.x Multiple Vulnerabilities","1.0.0","1.0.3","Joomla! Core is prone to multiple vulnerabilities, including cross-site scripting, SQL injection and denial of service vulnerabilities. Exploiting these issues could allow an attacker to execute arbitrary script code in the browser of an unsuspecting user in the context of the affected site, allowing the attacker to steal cookie-based authentication credentials, to compromise the application, access or modify data, or exploit latent vulnerabilities in the underlying database or to cause the affected website to consume memory and CPU resources, thus denying service to legitimate users. Joomla! Core versions 1.0.x ranging from 1.0.0 and up to and including 1.0.3 are vulnerable.","https://www.joomla.org/announcements/release-news/498-upgrade-to-joomla-104-security-release-now.html","","","","","CVE-2005-3771,CVE-2005-3772,CVE-2005-4650","CWE-79,CWE-89,CWE-400","AV:N/AC:L/Au:N/C:P/I:P/A:P/E:H/RL:OF/RC:C","","Update to Joomla! Core version 1.0.4 or latest","11/03/2015"],
["Joomla! Core 1.0.x Unspecified Vulnerability","1.0.0","1.0.3","Joomla! Core is prone to an unspecified vulnerability. No available information exists regarding this issue and it's impact on a vulnerable website. Joomla! Core versions 1.0.x ranging from 1.0.0 and up to and including 1.0.3 are vulnerable.","https://www.joomla.org/announcements/release-news/498-upgrade-to-joomla-104-security-release-now.html","","","","","CVE-2005-3773","","","","Update to Joomla! Core version 1.0.4 or latest","11/03/2015"],
["Joomla! Core 1.5.x Spam","1.5.0","1.5.22","Joomla! Core is prone to a spam vulnerability. Exploiting this issue may allow attackers to send spam through the affected website. Joomla! Core versions 1.5.x ranging from 1.5.0 and up to and including 1.5.22 are vulnerable.","https://developer.joomla.org/joomlacode-archive/issue-24289.html","https://www.exploit-db.com/exploits/15979/","https://www.joomla.org/announcements/release-news/5367-joomla-1523-released.html","","","","CWE-20","AV:N/AC:L/Au:N/C:P/I:N/A:N/E:POC/RL:OF/RC:C","","Update to Joomla! Core version 1.5.23 or latest","11/06/2015"],
["Joomla! Core 1.6.0 Spam","1.6.0","1.6.0","Joomla! Core is prone to a spam vulnerability. Exploiting this issue may allow attackers to send spam through the affected website. Joomla! Core version 1.6.0 is vulnerable.","http://joomlacode.org/gf/project/joomla/tracker/?action=TrackerItemEdit&tracker_item_id=24288","https://www.exploit-db.com/exploits/15979/","https://www.joomla.org/announcements/release-news/5350-joomla-161-released.html","","","","CWE-20","AV:N/AC:L/Au:N/C:P/I:N/A:N/E:POC/RL:OF/RC:C","","Update to Joomla! Core version 1.6.1 or latest","11/06/2015"],
["Joomla! Core 1.0.x Cross-Site Scripting","1.0.0","1.0.15","Joomla! Core is prone to a cross-site scripting vulnerability because it fails to properly sanitize user-supplied input. An attacker may leverage this issue to execute arbitrary script code in the browser of an unsuspecting user in the context of the affected site. This can allow the attacker to steal cookie-based authentication credentials and launch other attacks. Joomla! Core versions 1.0.x ranging from 1.0.0 and up to and including 1.0.15 are vulnerable.","https://www.exploit-db.com/exploits/35167/","http://www.securityfocus.com/archive/1/515553/100/0/threaded","","","","CVE-2011-0005","CWE-79","AV:N/AC:M/Au:N/C:N/I:P/A:N/E:POC/RL:OF/RC:C","CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N","Update to Joomla! Core version 1.5.22 or latest","11/06/2015"],
["Joomla! Core 1.5.x Multiple SQL Injection Vulnerabilities","1.5.0","1.5.21","Joomla! Core is prone to multiple SQL injection vulnerabilities because it fails to sufficiently sanitize user-supplied data before using it in an SQL query. Exploiting these issues could allow an attacker to compromise the application, access or modify data, or exploit latent vulnerabilities in the underlying database. Joomla! Core versions 1.5.x ranging from 1.5.0 and up to and including 1.5.21 are vulnerable.","http://www.openwall.com/lists/oss-security/2011/03/18/4","https://www.joomla.org/announcements/release-news/5318-joomla-1522-released.html","","","","CVE-2010-4166,CVE-2010-4696","CWE-89","AV:N/AC:L/Au:N/C:P/I:P/A:P/E:POC/RL:OF/RC:C","","Update to Joomla! Core version 1.5.22 or latest","11/06/2015"],
["Joomla! Core Remote Code Execution","1.5.0","3.4.5","Joomla! Core is prone to a remote code execution vulnerability because it fails to sufficiently sanitize user-supplied input. Successful exploitation may allow attackers to execute arbitrary commands with the privileges of the user running the application, to compromise the application or the underlying database, to access or modify data or to compromise a vulnerable system. Joomla! Core versions ranging from 1.5.0 and up to and including 3.4.5 are vulnerable.","http://drops.wooyun.org/papers/11330","https://www.exploit-db.com/exploits/38977/","https://blog.sucuri.net/2015/12/remote-command-execution-vulnerability-in-joomla.html","https://blog.sucuri.net/2015/12/joomla-remote-code-execution-the-details.html","https://developer.joomla.org/security-centre/630-20151214-core-remote-code-execution-vulnerability.html","CVE-2015-8562","CWE-94","AV:N/AC:L/Au:N/C:C/I:C/A:C/E:POC/RL:OF/RC:C","","Update to Joomla! Core version 3.4.6 or latest","12/15/2015"],
["Joomla! Core 3.x.x Cross-Site Request Forgery","3.2.0","3.4.5","Joomla! Core is prone to a cross-site request forgery vulnerability. Exploiting this issue may allow a remote attacker to perform certain administrative actions and gain unauthorized access to the affected application; other attacks are also possible. Joomla! Core versions 3.x.x ranging from 3.2.0 and up to and including 3.4.5 are vulnerable.","https://developer.joomla.org/security-centre/633-20151214-core-csrf-hardening.html","","","","","CVE-2015-8563","CWE-352","AV:N/AC:M/Au:N/C:P/I:P/A:P/E:H/RL:OF/RC:C","","Update to Joomla! Core version 3.4.6 or latest","12/15/2015"],
["Joomla! Core 3.4.x Directory Traversal","3.4.0","3.4.5","Joomla! Core is prone to a directory traversal vulnerability because it fails to sufficiently verify user-supplied input. Exploiting this issue can allow an attacker to obtain sensitive information that could aid in further attacks. Joomla! Core versions 3.4.x ranging from 3.4.0 and up to and including 3.4.5 are vulnerable.","https://developer.joomla.org/security-centre/634-20151214-core-directory-traversal.html","","","","","CVE-2015-8564","CWE-22","AV:N/AC:L/Au:N/C:P/I:N/A:N/E:H/RL:OF/RC:C","","Update to Joomla! Core version 3.4.6 or latest","12/15/2015"],
["Joomla! Core 3.x.x Directory Traversal","3.2.0","3.4.5","Joomla! Core is prone to a directory traversal vulnerability because it fails to sufficiently verify user-supplied input. Exploiting this issue can allow an attacker to obtain sensitive information that could aid in further attacks. Joomla! Core versions 3.x.x ranging from 3.2.0 and up to and including 3.4.5 are vulnerable.","https://developer.joomla.org/security-centre/635-20151214-core-directory-traversal.html","","","","","CVE-2015-8565","CWE-22","AV:N/AC:L/Au:N/C:P/I:N/A:N/E:H/RL:OF/RC:C","","Update to Joomla! Core version 3.4.6 or latest","12/15/2015"],
["Joomla! Core 3.x.x SQL Injection","3.0.0","3.4.6","Joomla! Core is prone to an SQL injection vulnerability because it fails to sufficiently sanitize user-supplied data before using it in an SQL query. Exploiting this issue could allow an attacker to compromise the application, access or modify data, or exploit latent vulnerabilities in the underlying database. Joomla! Core versions 3.x.x ranging from 3.0.0 and up to and including 3.4.6 are vulnerable.","https://developer.joomla.org/security-centre/640-20151207-core-sql-injection.html","","","","","","CWE-89","AV:N/AC:L/Au:N/C:P/I:P/A:P/E:H/RL:OF/RC:C","CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:N","Update to Joomla! Core version 3.4.7 or latest","01/06/2016"]
);
